Vulnerability Management, Patch/Configuration Management

WinRAR bug added to CISA KEV catalog

Viersen, Germany – March 1. 2024: Closeup of smartphone screen with logo lettering of Winrar zip file achiever on computer keyboard

Ongoing attacks leveraging the high-severity WinRAR path traversal flaw, tracked as CVE-2025-6218, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities list, reports The Hacker News.

Federal civilian executive branch agencies have been ordered to remediate the security issue, which could facilitate code execution via malicious websites or files, by Dec. 30. Multiple threat operations were reported to have already abused the flaw in recent months. Hacking group GOFFEE, also known as Paper Werewolf, was noted by BI.ZONE to have harnessed the bug alongside the critical WinRAR path traversal weakness, tracked as CVE-2025-8088, to compromise Russian organizations.

Separate intrusions involving CVE-2025-6218 have also been launched by South Asian advanced persistent threat operation Bitter and Russian hacking group Gamaredon to facilitate the deployment of a C# trojan and the Pteranodon malware, respectively. Gamaredon was also found by ClearSky researchers to have used CVE-2025-8088 for illicit VBScript and GamaWiper payload delivery.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds