PatchSiren

RARLAB CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited RARLAB CVE published 2025-12-09

CVE-2025-6218

CVE-2025-6218 is a RARLAB WinRAR path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-12-09. The KEV listing indicates known exploitation and directs organizations to apply vendor mitigations, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The supplied source corpus does not provide a [truncated]

Known exploited RARLAB CVE published 2025-08-12

CVE-2025-8088

CVE-2025-8088 is a RARLAB WinRAR path traversal vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-08-12. Because it appears in KEV, defenders should treat it as actively exploited, or at least as a confirmed high-risk exposure, and prioritize mitigation using vendor guidance.

Known exploited RARLAB CVE published 2023-08-24

CVE-2023-38831

CVE-2023-38831 is a WinRAR code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-08-24. The KEV record indicates known exploitation and notes known ransomware campaign use. Organizations that use WinRAR should treat this as a high-priority remediation item and follow vendor guidance immediately.

Known exploited RARLAB CVE published 2022-08-09

CVE-2022-30333

CVE-2022-30333 is a directory traversal vulnerability affecting RARLAB UnRAR. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-08-09 and marked it as having known ransomware campaign use. The CISA entry directs organizations to apply vendor updates, and the source notes reference UnRAR version 6.12.

Known exploited RARLAB CVE published 2022-02-15

CVE-2018-20250

CVE-2018-20250 is a WinRAR absolute path traversal issue that CISA has included in its Known Exploited Vulnerabilities catalog. The supplied metadata also marks it as associated with known ransomware campaign use, so defenders should treat it as a high-priority remediation item. The record dates supplied here reflect publication and KEV entry on 2022-02-15; they should not be confused with the original vu [truncated]