Ongoing attacks leveraging the high-severity WinRAR path traversal flaw, tracked as CVE-2025-6218, have prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities list, reports The Hacker News.Federal civilian executive branch agencies have been ordered to remediate the security issue, which could facilitate code execution via malicious websites or files, by Dec. 30. Multiple threat operations were reported to have already abused the flaw in recent months. Hacking group GOFFEE, also known as Paper Werewolf, was noted by BI.ZONE to have harnessed the bug alongside the critical WinRAR path traversal weakness, tracked as CVE-2025-8088, to compromise Russian organizations.Separate intrusions involving CVE-2025-6218 have also been launched by South Asian advanced persistent threat operation Bitter and Russian hacking group Gamaredon to facilitate the deployment of a C# trojan and the Pteranodon malware, respectively. Gamaredon was also found by ClearSky researchers to have used CVE-2025-8088 for illicit VBScript and GamaWiper payload delivery.
Vulnerability Management, Patch/Configuration Management
WinRAR bug added to CISA KEV catalog

Viersen, Germany – March 1. 2024: Closeup of smartphone screen with logo lettering of Winrar zip file achiever on computer keyboard
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



