PatchSiren cyber security CVE debrief
CVE-2022-30333 RARLAB CVE debrief
CVE-2022-30333 is a directory traversal vulnerability affecting RARLAB UnRAR. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-08-09 and marked it as having known ransomware campaign use. The CISA entry directs organizations to apply vendor updates, and the source notes reference UnRAR version 6.12.
- Vendor: RARLAB
- Product: UnRAR
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-08-09
- Original CVE updated: 2022-08-09
- Advisory published: 2022-08-09
- Advisory updated: 2022-08-09
Who should care
Organizations that use RARLAB UnRAR, especially teams responsible for archive handling, endpoint management, vulnerability remediation, and systems covered by CISA KEV response requirements.
Technical summary
The supplied corpus identifies the issue as a directory traversal vulnerability in RARLAB UnRAR. CISA classifies the CVE as known exploited and notes known ransomware campaign use. The source item metadata also references a vendor update to version 6.12 as the remediation path noted by CISA.
Defensive priority
High. This CVE is in CISA’s Known Exploited Vulnerabilities catalog, which indicates confirmed exploitation risk and time-sensitive remediation needs. The KEV entry also marks known ransomware campaign use.
Recommended defensive actions
- Apply vendor updates per the CISA KEV guidance.
- Prioritize remediation for any systems running RARLAB UnRAR, including endpoints and servers that process archives automatically.
- Validate that deployments have moved to the vendor-referenced updated version 6.12.
- Track remediation against the CISA due date of 2022-08-30 for KEV handling.
- Review systems that regularly extract user-supplied archives and confirm they are patched and monitored.
Evidence notes
Evidence in the supplied corpus comes from the CISA KEV JSON entry, which lists vendorProject RARLAB, product UnRAR, dateAdded 2022-08-09, dueDate 2022-08-30, requiredAction 'Apply updates per vendor instructions,' and knownRansomwareCampaignUse 'Known.' The source item metadata also references an update to version 6.12. Official reference links provided in the corpus include the CVE record, NVD detail page, and CISA KEV catalog.
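The version validation and due-date tracking recommended above can be combined into one triage pass over an inventory. The following is an added example, not code from CISA, RARLAB, or this page's sources; the host names, the inventory, and the assumed banner format ("UNRAR <major>.<minor> ...") are constructed for illustration, while the KEV fields and version 6.12 are the values quoted on this page.

```python
import re
from datetime import date

# KEV fields as quoted in the evidence notes; cveID is taken from the page title.
KEV_ENTRY = {
    "cveID": "CVE-2022-30333",
    "vendorProject": "RARLAB",
    "product": "UnRAR",
    "dueDate": "2022-08-30",
    "knownRansomwareCampaignUse": "Known",
}
FIXED_VERSION = (6, 12)  # vendor-referenced updated version named on this page

# Constructed inventory: host -> first banner line collected from the local unrar binary.
INVENTORY = {
    "mail-gw-01": "UNRAR 6.11 freeware      Copyright (c) 1993-2022 Alexander Roshal",
    "build-07": "UNRAR 6.12 freeware      Copyright (c) 1993-2022 Alexander Roshal",
    "scan-03": "UNRAR 5.91 freeware      Copyright (c) 1993-2020 Alexander Roshal",
    "file-02": "unrar: command output unavailable",
}

BANNER_RE = re.compile(r"\bUNRAR\s+(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor) as integers, or None if the banner is unreadable."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory, entry, today_iso):
    """Classify each host and count days past the KEV due date for open items."""
    due = date.fromisoformat(entry["dueDate"])
    today = date.fromisoformat(today_iso)
    findings = []
    for host, banner in sorted(inventory.items()):
        version = parse_version(banner)
        if version is None:
            status = "unknown"      # treat as open until a version is confirmed
        elif version < FIXED_VERSION:
            status = "vulnerable"   # integer tuple compare: 6.02 -> (6, 2) < (6, 12)
        else:
            status = "patched"
        overdue = 0 if status == "patched" else max((today - due).days, 0)
        findings.append((host, status, overdue))
    return findings

if __name__ == "__main__":
    for host, status, overdue in triage(INVENTORY, KEV_ENTRY, "2022-09-04"):
        print(f"{KEV_ENTRY['cveID']} {host}: {status}, {overdue} days overdue")
```

Hosts whose banner cannot be parsed are reported as "unknown" and counted against the due date rather than silently treated as patched.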
Official resources
- CVE-2022-30333 CVE record: CVE.org
- CVE-2022-30333 NVD detail: NVD
- CISA Known Exploited Vulnerabilities catalog: CISA - Apply updates per vendor instructions.
- Source item URL: cisa_kev
Publicly disclosed CVE added to CISA KEV on 2022-08-09 with remediation due 2022-08-30.