The US cybersecurity agency CISA has identified a serious security flaw in the widely used packaging program warned. The vulnerability with the identifier CVE-2025-6218 is currently being exploited by several attackers.
The vulnerability, which has a CVSS score of 7.8, enables a path traversal attack: Manipulated archives or crafted websites can ensure that files are stored in places where they do not actually belong, in the worst case in security-critical system directories such as the Windows startup. If such an attack is carried out successfully, malicious code can be unintentionally executed in the context of the logged in user. Only WinRAR versions for Windows are affected; versions for other operating systems do not have the problem. The manufacturer Rarlab closed the vulnerability with version 7.12 in June 2025, but many users have not yet carried out an update.
As it turns out, the vulnerability is part of several complex attack chains. Security companies such as BI.ZONE, Foresiet, SecPod and Synaptic Security report campaigns by several actors, including GOFFEE (Paper Werewolf), the Bitter APT group and the Russian hacker collective Gamaredon.
GOFFEE is said to have used the vulnerability together with another WinRAR vulnerability (CVE-2025-8088) in targeted phishing attacks in the summer of 2025. The Bitter group, in turn, uses specially prepared RAR archives to set up persistent access to compromised systems. A harmless-looking Word document is delivered together with a manipulated macro template that is secretly copied into the global Word template folder. This means that a malicious macro is automatically loaded every time Word is started and serves as an entry point for a C# Trojan that can access data and communicate with an external command and control server.
The attacks by the Russian group Gamaredon, which uses the vulnerability to infect Ukrainian military and government offices with the malicious program “Pteranodon”, are particularly explosive. Experts speak of a clearly military-oriented, state-coordinated espionage and sabotage campaign. A new, destructive wiper called “GamaWiper” has now even been observed. This is a novelty for Gamaredon, which has previously been known primarily for information theft.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.
The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…
Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…
A payment card is easiest to understand when users see how it fits into real…
OnePlus will soon be history. At least in Europe and the USA. What has been…
Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…
Google appears to be starting to distribute the new immersive navigation for Google Maps. The…