Alert: Cybercriminals Target Windows and WinRAR Vulnerabilities
The United States Cybersecurity and Infrastructure Security Agency (CISA) has included two new vulnerabilities in its Known Exploited Vulnerabilities Catalog for public awareness.
This year, CISA has added a pair of recently disclosed vulnerabilities to its official repository of exploited issues. The first, identified as CVE-2025-6218, is a directory traversal remote code execution flaw in the widely used WinRAR file compression software.
This vulnerability could enable a remote adversary to execute arbitrary code. Fortunately, only WinRAR version 7.11 (64-bit) is susceptible.
This vulnerability carries a CVSS score of 7.8, categorizing it as a high-severity concern.
It was officially recognized under a CVE designation on June 21 of this year, with Trend Micro’s Zero Day Initiative disclosing it just a few days prior in an advisory.
According to Trend Micro, “User interaction is imperative for the exploitation of this vulnerability; the target must visit a nefarious webpage or open a malicious file.”
As instances of exploitation are already being reported, users are advised to exercise caution while browsing or clicking on links. Importantly, the vulnerability has been mitigated in the latest iteration of WinRAR, so users should ensure their software is updated.
The second, CVE-2025-62221, was disclosed just recently as part of Microsoft’s Patch Tuesday updates, and both Microsoft and CISA note that attackers have moved quickly to exploit this flaw.
This issue is classified as a use-after-free vulnerability affecting the Windows Cloud Files Mini Filter Driver, potentially allowing attackers to locally escalate their privileges.

These filter drivers, also known as minifilters, play a crucial role in data encryption and automated backup operations, specifically facilitating interactions with cloud storage solutions like OneDrive and Google Cloud.
In a recent roundup of Patch Tuesday vulnerabilities, Rapid7’s lead software engineer, Adam Barnett, shared insights on CVE-2025-62221.
“Microsoft categorizes CVE-2025-62221 as important rather than critical, as an attacker must have an existing foothold on the impacted system,” Barnett noted.
“Nevertheless, with its exploitation already occurring in the wild and the potential to attain SYSTEM privileges, it is prudent that cybersecurity teams prioritize remediation efforts.”
This vulnerability warrants close monitoring.
David Hollingworth
Source link: Cybersecurityconnect.com.au.






