CVE-2025-6218
published 2025-06-21CVE-2025-6218: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected…
PriorityP185high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2025-12-30
Exploited in the wild
EPSS
86.19%
99.7th percentile
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rar | — | — |
| rarlab | winrar | < 7.12 | 7.12 |
| rarlab | winrar | — | — |
Detection & IOCsextracted from sources · hover to see the quote
path%TEMP%
path%LOCALAPPDATA%
pathWindows Startup directory
filenameUpdater.lnk
filenamemsedge.dll
filenameSettings.lnk
filenameComplaint.exe
snort
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT RAR File Directory Traversal Upload (CVE-2025-6218)"; flow:established,to_server; http.request_body; content:"|52 61 72 21 1a|"; fast_pattern; content:"|2e 2e 20|"; pcre:"/(?:\x2f|\x5c{2})\x2e{2}\s+[\x2e\x2f]\w+/"; threshold:type limit, seconds 600, count 1, track by_src; reference:url,www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/; reference:cve,2025-6218; classtype:bad-unknown; sid:2066600; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2026_01_06, cve CVE_2025_6218, deployment Perimeter, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)snort
alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT RAR File Directory Traversal Inbound (CVE-2025-6218)"; flow:established,to_client; file.data; content:"|52 61 72 21 1a|"; fast_pattern; content:"|2e 2e 20|"; pcre:"/(?:\x2f|\x5c{2})\x2e{2}\s+[\x2e\x2f]\w+/"; threshold:type limit, seconds 600, count 1, track by_src; reference:url,www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/; reference:cve,2025-6218; classtype:bad-unknown; sid:2066599; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_01_06, cve CVE_2025_6218, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1189, mitre_technique_name Drive_by_Compromise; target:dest_ip;)bytes
|52 61 72 21 1a|
bytes
|2e 2e 20|
- →Detect malicious RAR archives exploiting CVE-2025-6218 by matching the RAR magic bytes (52 61 72 21 1a) combined with a path traversal pattern of double-dot followed by a space (2e 2e 20) in HTTP request bodies or inbound file data.
- →Hunt for LNK files dropped in the Windows Startup directory following RAR archive extraction, as this is the persistence mechanism used in active exploitation.
- →Monitor for msedge.dll being written to COM hijack registry locations, indicative of the Mythic Agent attack chain leveraging CVE-2025-6218.
- →Detect ADS (Alternate Data Stream) entries within RAR archives; malicious archives contain numerous hidden ADS payloads used to conceal a malicious DLL and Windows shortcut.
- →Alert on WinRAR generating multiple warnings during extraction of a single archive, as attackers deliberately add invalid ADS paths to generate harmless-looking warnings while concealing malicious payloads deeper in the file list.
- →Detect Complaint.exe (RustyClaw) spawning and downloading a MeltingClaw DLL as part of the MeltingClaw attack chain attributed to RomCom exploitation of CVE-2025-6218.
- ·Both Snort/Suricata rules require TLS decryption (tls_state TLSDecrypt) to be effective, as the malicious RAR content may be delivered over HTTPS.
- ·CVE-2025-6218 affects only the Windows version of WinRAR (version 7.11 and older); Unix, Android, and portable UnRAR source code are not impacted by this specific flaw. ↗
- ·Exploitation requires user interaction (opening a malicious archive or visiting a specially crafted page), which limits but does not eliminate risk given widespread WinRAR deployment. ↗
- ·Extracted malicious files run with user-level access only, not administrative or SYSTEM rights, but can still steal credentials, install persistence, or enable remote access. ↗
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck8.4HIGH
cisa7.8HIGH
vendor_debian7.8LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8x66-x5gf-2pc8: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
ghsa_unreviewed·2025-06-23
CVE-2025-6218 [HIGH] CWE-22 GHSA-8x66-x5gf-2pc8: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
VulnCheck
RARLAB WinRAR Path Traversal Vulnerability
vulncheck·2025·CVSS 8.4
CVE-2025-8088 [HIGH] CWE-35 RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
Affected: RARLAB WinRAR
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2025-8088; https://www.acn.gov.it/portale/w/rilevato-sfruttamento-in-rete-della-cve-2025-8088-relativa-a-winrar; https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/; https:
VulnCheck
RARLAB WinRAR Path Traversal Vulnerability
vulncheck·2025·CVSS 7.8
CVE-2025-6218 [HIGH] CWE-22 RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
Affected: RARLAB WinRAR
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://bi.zone/expertise/blog/paper-werewolf-atakuet-rossiyu-s-ispolzovaniem-uyazvimosti-nulevogo-dnya-v-winrar/; https://8813571.fs1.hubspotusercontent-na1.net/hubfs/8813571/PERISCOPE_VULNINTEL_20250812.pdf; https://ptsecurity.com/ru-ru/research/analytics/russia-cyberthreat-landscape-2026/#id11; https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507464&idx=1&sn=fa744e1c4a49e29091fc4
CISA
RARLAB WinRAR Path Traversal Vulnerability
cisa·2025-12-09·CVSS 7.8
CVE-2025-6218 [HIGH] CWE-22 RARLAB WinRAR Path Traversal Vulnerability
Vulnerability: RARLAB WinRAR Path Traversal Vulnerability
Affected: RARLAB WinRAR
RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6218
Remediation Due Date: 2025-12-30
Debian
CVE-2025-6218: rar - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vuln...
vendor_debian·2025·CVSS 7.8
CVE-2025-6218 [HIGH] CVE-2025-6218: rar - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vuln...
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Suricata
ET EXPLOIT RAR File Directory Traversal Upload (CVE-2025-6218)
suricata·2026-01-06·CVSS 7.8
CVE-2025-6218 [HIGH] ET EXPLOIT RAR File Directory Traversal Upload (CVE-2025-6218)
ET EXPLOIT RAR File Directory Traversal Upload (CVE-2025-6218)
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT RAR File Directory Traversal Upload (CVE-2025-6218)"; flow:established,to_server; http.request_body; content:"|52 61 72 21 1a|"; fast_pattern; content:"|2e 2e 20|"; pcre:"/(?:\x2f|\x5c{2})\x2e{2}\s+[\x2e\x2f]\w+/"; threshold:type limit, seconds 600, count 1, track by_src; reference:url,www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/; reference:cve,2025-6218; classtype:bad-unknown; sid:2066600; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2026_01_06, cve CVE_2025_6218, deployment Perimeter, confidence High, signature_severity Major, tag Exploit, updated_at 2026_01_06, mitre_ta
Suricata
ET EXPLOIT RAR File Directory Traversal Inbound (CVE-2025-6218)
suricata·2026-01-06·CVSS 7.8
CVE-2025-6218 [HIGH] ET EXPLOIT RAR File Directory Traversal Inbound (CVE-2025-6218)
ET EXPLOIT RAR File Directory Traversal Inbound (CVE-2025-6218)
Rule: alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT RAR File Directory Traversal Inbound (CVE-2025-6218)"; flow:established,to_client; file.data; content:"|52 61 72 21 1a|"; fast_pattern; content:"|2e 2e 20|"; pcre:"/(?:\x2f|\x5c{2})\x2e{2}\s+[\x2e\x2f]\w+/"; threshold:type limit, seconds 600, count 1, track by_src; reference:url,www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/; reference:cve,2025-6218; classtype:bad-unknown; sid:2066599; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_01_06, cve CVE_2025_6218, deployment Perimeter, performance_impact Moderate, confidence High, signature_severity Major, tag Exploit,
Sigma
WinRAR Creating Files in Startup Locations
sigma·CVSS 7.8
CVE-2025-6218 [HIGH] WinRAR Creating Files in Startup Locations
WinRAR Creating Files in Startup Locations
Detects WinRAR creating files in Windows startup locations, which may indicate an attempt to establish persistence by adding malicious files to the Startup folder.
This kind of behaviour has been associated with exploitation of WinRAR path traversal vulnerability CVE-2025-6218 or CVE-2025-8088.
Detection:
condition: selection
selection:
Image|endswith:
- \WinRAR.exe
- \Rar.exe
TargetFilename|contains: \Start Menu\Programs\Startup\
Log Source: category: file_event
product: windows
No public exploits indexed.
Securelist
Exploits and vulnerabilities in Q1 2026
blogs_securelist·2026-05-07·CVSS 7.8
CVE-2026-21519 [HIGH] Exploits and vulnerabilities in Q1 2026
Alexander Kolesnikov
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most common published exploits
Vulnerability exploitation in APT attacks
C2 frameworks
Notable vulnerabilities
CVE-2026-21519: Desktop Window Manager vulnerability
RegPwn (CVE-2026-21533): a system settings access control vulnerability
CVE-2026-21514: a Microsoft Office vulnerability
Clawdbot (CVE-2026-25253): an OpenClaw vulnerability
CVE-2026-34070: LangChain framework vulnerability
CVE-2026-22812: an OpenCode vulnerability
Conclusion and advice
Authors
Alexander Kolesnikov
During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Off
Securelist
Vulnerability landscape in Q4 2025
blogs_securelist·2026-03-06
Vulnerability landscape in Q4 2025
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Notable vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vulnerability disclosures, hitting popular libraries and mainstream applications. Several of these vulnerabilities were picked up by attackers and exploited in the wild almost immediately.
In this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged with popular C2 frameworks throughout Q4 2025.
## Statistics on registered vulnerabilities
This section contains statistics on regis
Securelist
Exploits and vulnerabilities in Q4 2025
blogs_securelist·2026-03-06·CVSS 7.8
CVE-2025-55182 [HIGH] Exploits and vulnerabilities in Q4 2025
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most common published exploits
Vulnerability exploitation in APT attacks
C2 frameworks
Notable vulnerabilities
React2Shell (CVE-2025-55182): a vulnerability in React Server Components
CVE-2025-54100: command injection during the execution of curl (Invoke-WebRequest)
CVE-2025-11001: a vulnerability in 7-Zip
RediShell (CVE-2025-49844): a vulnerability in Redis
CVE-2025-24990: a vulnerability in the ltmdm64.sys driver
CVE-2025-59287: a vulnerability in Windows Server Update Services (WSUS)
Conclusion and advice
Authors
Alexander Kolesnikov
The fourth quarter of 2025 went down as one of the most intense periods on record for high-profile, critical vul
Securelist
Exploits and vulnerabilities in Q3 2025
blogs_securelist·2025-12-03·CVSS 7.8
CVE-2025-49704 [HIGH] Exploits and vulnerabilities in Q3 2025
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most common published exploits
Vulnerability exploitation in APT attacks
C2 frameworks
Interesting vulnerabilities
ToolShell (CVE-2025-49704 and CVE-2025-49706, CVE-2025-53770 and CVE-2025-53771): insecure deserialization and an authentication bypass
CVE-2025-8088: a directory traversal vulnerability in WinRAR
CVE-2025-41244: a privilege escalation vulnerability in VMware Aria Operations and VMware Tools
Conclusion and advice
Authors
Alexander Kolesnikov
In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vuln
Securelist
Analyzing the vulnerability landscape in Q3 2025
blogs_securelist·2025-12-03
Analyzing the vulnerability landscape in Q3 2025
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Interesting vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
In the third quarter, attackers continued to exploit security flaws in WinRAR, while the total number of registered vulnerabilities grew again. In this report, we examine statistics on published vulnerabilities and exploits, the most common security issues impacting Windows and Linux, and the vulnerabilities being leveraged in APT attacks that lead to the launch of widespread C2 frameworks. The report utilizes anonymized Kaspersky Security Network data, which was consensually provided by our users, as well as information from open sources.
## Statistics on
Securelist
Exploits and vulnerabilities in Q2 2025
blogs_securelist·2025-08-27·CVSS 8.2
CVE-2025-32433 [HIGH] Exploits and vulnerabilities in Q2 2025
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most common published exploits
Vulnerability exploitation in APT attacks
C2 frameworks
Interesting vulnerabilities
CVE-2025-32433: vulnerability in the SSH server, part of the Erlang/OTP framework
CVE-2025-6218: directory traversal vulnerability in WinRAR
CVE-2025-3052: insecure data access vulnerability in NVRAM, allowing bypass of UEFI signature checks
CVE-2025-49113: insecure deserialization vulnerability in Roundcube Webmail
CVE-2025-1533: stack overflow vulnerability in the AsIO3.sys driver
Conclusion and advice
Authors
Alexander Kolesnikov
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published i
Securelist
Vulnerability landscape analysis for Q2 2025
blogs_securelist·2025-08-27
Vulnerability landscape analysis for Q2 2025
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Interesting vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverage vulnerabilities in real-world attacks as a means of gaining access to user systems, just like in previous periods.
This report also describes known vulnerabilities used with popular C2 frameworks during the first half of 2025.
## Statistics on registered vulnera
Bleepingcomputer
Details emerge on WinRAR zero-day attacks that infected PCs with malware
blogs_bleepingcomputer·2025-08-11·CVSS 7.5
CVE-2025-8088 [HIGH] Details emerge on WinRAR zero-day attacks that infected PCs with malware
## Details emerge on WinRAR zero-day attacks that infected PCs with malware
## Bill Toulas
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads.
RomCom (aka Storm-0978 and Tropical Scorpius) is a Russian cyberespionage threat group with a history in zero-day exploitation, including in Firefox (CVE-2024-9680, CVE-2024-49039) and Microsoft Office (CVE-2023-36884).
ESET discovered that RomCom was exploiting an undocumented path traversal zero-day vulnerability in WinRAR on July 18, 2025, and notified the team behind the popular archiver tool.
"Analysis of the exploit led to the discovery of the vulnerability, now assi
Checkpoint
30th June – Threat Intelligence Report
blogs_checkpoint·2025-06-30
CVE-2025-20281 30th June – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 30th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Grocery giant Ahold Delhaize has disclosed a data breach that resulted in the theft of personal, financial, employment, and health information belonging to over 2.2 million individuals from its American business systems. The leaked data includes names, contact details, IDs, bank account numbers, and medical information . While
Bleepingcomputer
WinRAR patches bug letting malware launch from extracted archives
blogs_bleepingcomputer·2025-06-25·CVSS 7.8
CVE-2025-6218 [HIGH] WinRAR patches bug letting malware launch from extracted archives
## WinRAR patches bug letting malware launch from extracted archives
## Bill Toulas
WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.
The flaw tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator who reported it through Zero Day Initiative on June 5, 2025.
It affects only the Windows version of WinRAR, from version 7.11 and older, and a fix was released in WinRAR version 7.12 beta 1, which was made available yesterday.
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, d
Recorded Future
December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
blogs_recorded_future·CVSS 7.8
CVE-2025-55182 [HIGH] December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
# December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity
December 2025 witnessed a dramatic 120% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 22 vulnerabilities requiring immediate remediation, up from 10 in November. The month was dominated by widespread exploitation of Meta's React Server Components flaw.
What security teams need to know:
- React2Shell pandemonium: CVE-2025-55182 triggered a global exploitation wave with multiple threat actors deploying diverse malware families
- China-nexus exploitation intensifies: Earth Lamia, Jackpot Panda, and UAT-9686 leveraged critical flaws for espionage operations
- Public exploits proliferate: Eleven of 22 vulnerabilities have proof-of-conce
https://www.win-rar.com/singlenewsview.html?&tx_ttnews%5Btt_news%5D=276&cHash=388885bd3908a40726f535c026f94eb6https://www.zerodayinitiative.com/advisories/ZDI-25-409/https://foresiet.com/blog/apt-c-08-winrar-directory-traversal-exploit/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6218https://www.secpod.com/blog/archive-terror-dissecting-the-winrar-cve-2025-6218-exploit-apt-c-08s-stealth-move/
2025-06-21
Published
2025-12-09
Added to CISA KEV
Exploited in the wild