CISA Adds WinRAR Vulnerability to KEV Catalog for Active Exploitation
CISA warns about WinRAR vulnerability The US Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting WinRAR compression software to its catalog of Known Exploited Vulnerabilities (KEV), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal flaw that could allow code execution. To be exploited, it requires a target to visit a malicious web page or open a malicious file. ...