{"cve":{"cve_id":"CVE-2018-20250","is_kev":true,"kev_date_added":"2022-02-15","kev_vendor_project":"RARLAB","kev_product":"WinRAR","kev_vulnerability_name":"WinRAR Absolute Path Traversal Vulnerability","kev_short_description":"WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-08-15","kev_known_ransomware":true,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2018-20250","kev_cwes":["CWE-36"],"epss_score":0.96274,"epss_percentile":0.99871,"epss_as_of":"2026-06-23","description":"In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.","published_at":"2019-02-05T20:00:00Z","last_modified_at":null,"cvss_v3_score":7.8,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-36"],"nvd_references":["https://github.com/blau72/CVE-2018-20250-WinRAR-ACE","https://research.checkpoint.com/extracting-code-execution-from-winrar/","https://www.exploit-db.com/exploits/46552/","http://www.securityfocus.com/bid/106948","https://www.win-rar.com/whatsnew.html","http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html","http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace","https://www.exploit-db.com/exploits/46756/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"s
ummary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:11:12.753268Z"},"effective_severity":"HIGH","badges":["kev","ransomware","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"check-point-software-technologies-ltd.","vendor_name":"Check Point Software Technologies Ltd.","product_slug":"winrar","product_name":"WinRAR","version_start":"All versions prior and including 5.61","version_start_inclusive":true,"version_end":"All versions prior and including 5.61","version_end_inclusive":true,"cpe23_uri":"cve5:check-point-software-technologies-ltd.:winrar:All versions prior and including 5.61:All versions prior and including 
5.61"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/blau72/CVE-2018-20250-WinRAR-ACE","source_type":"MISC","tags":[]},{"url":"https://research.checkpoint.com/extracting-code-execution-from-winrar/","source_type":"MISC","tags":[]},{"url":"https://www.exploit-db.com/exploits/46552/","source_type":"EXPLOIT","tags":["exploit"]},{"url":"http://www.securityfocus.com/bid/106948","source_type":"MISC","tags":[]},{"url":"https://www.win-rar.com/whatsnew.html","source_type":"MISC","tags":[]},{"url":"http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html","source_type":"EXPLOIT","tags":["exploit"]},{"url":"http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace","source_type":"MISC","tags":[]},{"url":"https://www.exploit-db.com/exploits/46756/","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2019-02-05T20:00:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2022-02-15T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:31:12.162116Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:12.162116Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:12.162116Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:12.162116Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:12.162116Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:12.162116Z","label":"CVSS score revised","source":"vulnrichment"}]}