Rarlab

Known Exploited Rarlab Vulnerabilities

The following Rarlab vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 0 vulnerabilities in Rarlab. Last year, in 2025 Rarlab had 6 security vulnerabilities published. Right now, Rarlab is on track to have less security vulnerabilities in 2026 than it did last year.

Recent Rarlab Security Vulnerabilities

CVE	Date	Vulnerability	Products
CVE-2025-14111	Dec 05, 2025	Android RAR App Path Traversal in com.rarlab.rar <7.11 (build 127) A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
CVE-2025-52331	Nov 12, 2025	XSS in Generate Report of WinRAR 7.11 (User Interaction Required) Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation in the HTML report, which allows potentially malicious HTML tags to be injected into the report. User interaction is required. User must use the "generate report" functionality and open the report.	Winrar
CVE-2025-8088	Aug 08, 2025	RCE via Path Traversal in WinRAR Windows A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Koinár, and Peter Strýek from ESET.	Winrar
CVE-2014-125119	Jul 25, 2025	WinRAR RCE via Zip Filename Spoofing A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution.	Winrar
CVE-2025-6218	Jun 21, 2025	WinRAR Directory Traversal RCE via Crafted Archive Path RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.	Winrar
CVE-2025-31334	Apr 03, 2025	WinRAR <7.11: Bypass MOW via Symlink for Exec Code Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.	Winrar
CVE-2024-36052	May 21, 2024	WinRAR before 7.00 Screen Spoofing via ANSI Escape Sequences RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.	Winrar
CVE-2023-40477	May 03, 2024	RARLAB WinRAR RC Array Index RCE via Recovery Volume RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.	Winrar
CVE-2024-33899	Apr 29, 2024	WinRAR <7.00: Screen Spoof/DoS via ANSI Escape Sequences RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.	Winrar
CVE-2024-30370	Apr 02, 2024	WinRAR Mark-Of-The-Web Bypass via Archive Extraction RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page. The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current user. Was ZDI-CAN-23156.	Winrar