CVE-2025-6218 PoC — WinRAR Path Traversal Vulnerability

Associated Vulnerability
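Title: WinRAR Path Traversal Vulnerability (CVE-2025-6218)
Description: WinRAR is a file archiver from the WinRAR company. It supports compressing and decompressing files in RAR, ZIP and other formats. WinRAR contains a path traversal vulnerability that stems from improper handling of archive file paths and may lead to directory traversal and remote code execution.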
Description
Proof of Concept for CVE-2025-6218, demonstrating the exploitation of a vulnerability in WinRAR versions 7.11 and under, involving improper handling of archive extraction paths.
Readme
# CVE-2025-6218 Proof of Concept (POC)

## Overview
This repository contains a simple Proof of Concept (POC) for **CVE-2025-6218**, demonstrating the exploitation of a vulnerability involving WinRAR’s handling of archive extraction paths. The POC batch script creates a ZIP archive that places a batch file into the Windows Startup folder, which runs `calc.exe` upon user login.

---

## How it Works

- The batch script (`CVE-2025-6218.bat`) generates a simple batch file (`POC.bat`) that runs the Windows Calculator (`calc.exe`).
- It then uses WinRAR to create a ZIP archive (`CVE-2025-6218.zip`) that is crafted to extract the batch file into the Windows Startup folder.
- The vulnerability is triggered when the ZIP archive is **right-clicked**, then **opened with WinRAR**, and extracted using the **"Extract to {folder}\"** option.
- Upon extraction, the batch file is placed in the Startup folder and will execute automatically on the next user login, demonstrating arbitrary code execution.

---

## Vulnerable Versions

- ✅ **Vulnerable**: WinRAR **7.11 and earlier**
- ❌ **Not vulnerable**: WinRAR **7.12 and later**  
  Users are strongly advised to update to the latest version to mitigate this vulnerability.

---

## Script Requirements

- WinRAR (any version) must be installed in the default location: `C:\Program Files\WinRAR\WinRAR.exe`

---

## Usage

1. Run the provided batch script (`CVE-2025-6218.bat`).
2. This creates `CVE-2025-6218.zip` with the crafted batch file inside.
3. To exploit the vulnerability:
   - **Right-click** the `CVE-2025-6218.zip` file.
   - Select **WinRAR**.
   - Use the **"Extract to {folder}\"** option inside WinRAR to extract the files.
4. The batch file will be extracted to the Windows Startup folder (`%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup`), assuming that navigating two directories up from the current working directory leads to the user's home directory (`%USERPROFILE%`).
5. On the next user login, `calc.exe` will launch automatically.
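
A defender-side check for the behaviour described above, added here as an example and not part of the original repository: it resolves each archive entry name against the extraction folder using Windows path rules and flags entries that leave that folder or land in the Startup folder. The function names, the `C:\Users\test` destination and the sample entry names are constructed for illustration; the page does not show the actual entry name stored in `CVE-2025-6218.zip`.

```python
import ntpath
import zipfile

# Autorun folder named in the README, matched case-insensitively.
STARTUP = "\\start menu\\programs\\startup\\"

# Constructed sample data (not taken from the PoC archive).
SAMPLE_DEST = r"C:\Users\test\Downloads\CVE-2025-6218"
SAMPLE_NAMES = [
    "docs/readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POC.bat",
    r"C:\Windows\Temp\x.txt",
    "a/../b.txt",
]


def audit_names(names, dest):
    """Return {entry name: [findings]} for entries that are unsafe to extract into dest."""
    root = ntpath.normpath(dest).lower()
    report = {}
    for name in names:
        # Resolve with Windows rules: both separators, '..' collapsed,
        # absolute or drive-qualified names replacing dest entirely.
        joined = ntpath.join(dest, name.replace("/", "\\"))
        resolved = ntpath.normpath(joined).lower()
        findings = []
        if resolved != root and not resolved.startswith(root + "\\"):
            findings.append("escapes-destination")
        if STARTUP in resolved + "\\":
            findings.append("targets-startup")
        if findings:
            report[name] = findings
    return report


def audit_zip(fileobj, dest):
    """Audit a ZIP (path or file object) by entry names only, without extracting."""
    with zipfile.ZipFile(fileobj) as zf:
        return audit_names(zf.namelist(), dest)


if __name__ == "__main__":
    for entry, findings in audit_names(SAMPLE_NAMES, SAMPLE_DEST).items():
        print(f"{entry}: {', '.join(findings)}")
```

The check reads entry names only, so it can run on a mail gateway or in a triage script before any extraction tool touches the archive.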

---

## Disclaimer

This POC is for educational and testing purposes only. Use it responsibly and only on systems you own or have explicit permission to test. The author is not responsible for any misuse or damage caused by this code.

---

## License

[MIT License](LICENSE)
File Snapshot

[4.0K] /data/pocs/fffffb523b0da4b42e91da5f10c5b98597776386
├── [ 489] CVE-2025-6218.bat
├── [ 311] CVE-2025-6218.zip
├── [1.1K] LICENSE
└── [2.3K] README.md

0 directories, 4 files