WinRAR Directory Traversal & NTFS ADS Vulnerabilities (CVE-2025-6218 & CVE-2025-8088)
Released on 2025-08-25 at 05:59:18 PM
Two high-severity vulnerabilities in WinRAR for Windows enable attackers to write files outside intended extraction directories. CVE-2025-6218 involves traditional path traversal, while CVE-2025-8088 extends the attack using NTFS Alternate Data Streams. Both flaws allow for reliable persistence and remote code execution in enterprise environments. Threat actors RomCom and Paper Werewolf have exploited CVE-2025-8088 in active campaigns. The vulnerabilities affect WinRAR versions 7.11 and earlier, with fixes available in versions 7.12 Beta 1 and 7.13. Exploitation requires minimal user interaction and can lead to stealthy persistence by dropping files into autorun locations or hiding payloads in ADS. Immediate patching and proactive hunting for ADS and Startup modifications are essential for defense.
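The three conditions named above (a write that escapes the extraction directory, a destination in a Startup folder, and an ADS stream name) can be checked on archive entry names before anything is extracted. The sketch below is an added example, not code from WinRAR or from this advisory. It also flags absolute paths, which goes slightly beyond the cases the summary lists. `audit_entry`, `audit_archive`, the finding labels and all sample names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Path fragment shared by the per-user and all-users Startup folders.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"

def audit_entry(extract_dir, entry_name):
    """Return sorted findings for one archive entry name (hypothetical helper)."""
    findings = set()
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # A colon after the drive part is NTFS stream syntax (file:stream).
    if ":" in rest:
        findings.add("ads_stream")
    # Drive-qualified, rooted or UNC names ignore the extraction directory.
    if drive or rest.startswith("\\"):
        findings.add("absolute_path")
    base = ntpath.normpath(extract_dir)
    # normpath collapses ".." so the real destination can be compared.
    target = ntpath.normpath(ntpath.join(base, name))
    if not (target.lower() + "\\").startswith(base.lower() + "\\"):
        findings.add("outside_extract_dir")
    if STARTUP_FRAGMENT in target.lower():
        findings.add("startup_folder")
    return sorted(findings)

def audit_archive(extract_dir, entry_names):
    """Map each suspicious entry name to its findings; clean names are omitted."""
    report = {}
    for name in entry_names:
        findings = audit_entry(extract_dir, name)
        if findings:
            report[name] = findings
    return report

# Constructed sample data, not taken from any real archive or campaign.
EXTRACT_DIR = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk",
    r"invoice.pdf:payload",
    r"C:\Windows\Temp\x.dll",
]

if __name__ == "__main__":
    for entry, findings in audit_archive(EXTRACT_DIR, SAMPLE_ENTRIES).items():
        print(f"{entry!r}: {', '.join(findings)}")
```

Entry names must be read with a parser that does not itself extract the archive. A clean result here does not replace upgrading WinRAR to a fixed version.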