Your Stolen WinRAR Copy Is Being Actively Exploited In The Wild, Patch ASAP

Those of you using WinRAR, Windows 10, or both should be on high alert. Two new vulnerabilities have been documented in the wild and are being actively exploited. As of this week, The National Coordinator for Critical Infrastructure Security and Resilience (CISA) has documented CVE-2025-6218 and CVE-2025-6222, two currently-active attack vectors. Alongside its public disclosure of the issues, CISA has also ordered all United States federal agencies to address these vulnerabilities by December 30th.

CVE-2025-6218 (WinRAR Directory Traversal Remote Code Execution Vulnerability) applies to all Windows WinRAR users who haven't updated the application to version 7.12, or higher. Linux, Android, and Unix users are not impacted. Vulnerable users are being targeted with malicious web pages and phishing emails, especially business users. If you haven't already, make sure your copy of WinRAR is up-to-date, since the vulnerability allows for remote code execution that could compromise your entire system ...