Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-m2ca-cwwa-mqcc
Summary
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Aliases
0
alias CVE-2025-6218
Fixed_packages
0
url pkg:deb/debian/rar@0?distro=trixie
purl pkg:deb/debian/rar@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rar@0%3Fdistro=trixie
1
url pkg:deb/debian/rar@2:6.23-1~deb11u1?distro=trixie
purl pkg:deb/debian/rar@2:6.23-1~deb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gkjf-x8s7-57dn
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rar@2:6.23-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/rar@2:7.01-1~deb12u1?distro=trixie
purl pkg:deb/debian/rar@2:7.01-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rar@2:7.01-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rar@2:7.11-1?distro=trixie
purl pkg:deb/debian/rar@2:7.11-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rar@2:7.11-1%3Fdistro=trixie
4
url pkg:deb/debian/rar@2:7.20-1?distro=trixie
purl pkg:deb/debian/rar@2:7.20-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rar@2:7.20-1%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6218
reference_id
reference_type
scores
0
value 0.04756
scoring_system epss
scoring_elements 0.89442
published_at 2026-04-09T12:55:00Z
1
value 0.04756
scoring_system epss
scoring_elements 0.89459
published_at 2026-04-16T12:55:00Z
2
value 0.04756
scoring_system epss
scoring_elements 0.89444
published_at 2026-04-13T12:55:00Z
3
value 0.04756
scoring_system epss
scoring_elements 0.89448
published_at 2026-04-12T12:55:00Z
4
value 0.04756
scoring_system epss
scoring_elements 0.8945
published_at 2026-04-11T12:55:00Z
5
value 0.04756
scoring_system epss
scoring_elements 0.8942
published_at 2026-04-04T12:55:00Z
6
value 0.04756
scoring_system epss
scoring_elements 0.89422
published_at 2026-04-07T12:55:00Z
7
value 0.04756
scoring_system epss
scoring_elements 0.89438
published_at 2026-04-08T12:55:00Z
8
value 0.0527
scoring_system epss
scoring_elements 0.89958
published_at 2026-04-02T12:55:00Z
9
value 0.06169
scoring_system epss
scoring_elements 0.90858
published_at 2026-04-18T12:55:00Z
10
value 0.06169
scoring_system epss
scoring_elements 0.90857
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6218
1
reference_url https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6
reference_id singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-12-10T04:57:14Z/
url https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6
2
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-409/
reference_id ZDI-25-409
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-12-10T04:57:14Z/
url https://www.zerodayinitiative.com/advisories/ZDI-25-409/
Weaknesses
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Exploits
0
date_added 2025-12-09
description RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
required_action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
due_date 2025-12-30
notes https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6218
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score7.8 - 7.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-m2ca-cwwa-mqcc