{"containers": {"cna": {"affected": [{"product": "WinRAR", "vendor": "Check Point Software Technologies Ltd.", "versions": [{"status": "affected", "version": "All versions prior and including 5.61"}]}], "datePublic": "2019-02-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-36", "description": "CWE-36: Absolute Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-25T18:06:08.000Z", "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"tags": ["x_refsource_MISC"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"name": "106948", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106948"}, {"tags": ["x_refsource_MISC"], "url": "https://www.win-rar.com/whatsnew.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/46756/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2019-02-05T00:00:00", "ID": "CVE-2018-20250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WinRAR", "version": {"version_data": [{"version_value": "All versions prior and including 5.61"}]}}]}, "vendor_name": "Check Point Software Technologies Ltd."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-36: Absolute Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "refsource": "MISC", "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "refsource": "MISC", "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"name": "46552", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46552/"}, {"name": "106948", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106948"}, {"name": "https://www.win-rar.com/whatsnew.html", "refsource": "MISC", "url": "https://www.win-rar.com/whatsnew.html"}, {"name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"name": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"name": "46756", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46756/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:19.126Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"name": "106948", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106948"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.win-rar.com/whatsnew.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46756/"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-20250", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:40:28.345239Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-02-15", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250", "tags": ["government-resource"]}], "timeline": [{"time": "2022-02-15T00:00:00+00:00", "lang": "en", "value": "CVE-2018-20250 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:45:43.535Z"}}]}, "cveMetadata": {"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "assignerShortName": "checkpoint", "cveId": "CVE-2018-20250", "datePublished": "2019-02-05T20:00:00.000Z", "dateReserved": "2018-12-19T00:00:00.000Z", "dateUpdated": "2025-10-21T23:45:43.535Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/46552/", "name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/106948", "name": "106948", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://www.win-rar.com/whatsnew.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/46756/", "name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:58:19.126Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-20250", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T13:40:28.345239Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-02-15", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250"}}}], "timeline": [{"lang": "en", "time": "2022-02-15T00:00:00+00:00", "value": "CVE-2018-20250 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250", "tags": ["government-resource"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T13:40:03.795Z"}}], "cna": {"affected": [{"vendor": "Check Point Software Technologies Ltd.", "product": "WinRAR", "versions": [{"status": "affected", "version": "All versions prior and including 5.61"}]}], "datePublic": "2019-02-05T00:00:00.000Z", "references": [{"url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "tags": ["x_refsource_MISC"]}, {"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "tags": ["x_refsource_MISC"]}, {"url": "https://www.exploit-db.com/exploits/46552/", "name": "46552", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securityfocus.com/bid/106948", "name": "106948", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://www.win-rar.com/whatsnew.html", "tags": ["x_refsource_MISC"]}, {"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "tags": ["x_refsource_MISC"]}, {"url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "tags": ["x_refsource_MISC"]}, {"url": "https://www.exploit-db.com/exploits/46756/", "name": "46756", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}], "descriptions": [{"lang": "en", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36: Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2019-04-25T18:06:08.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "All versions prior and including 5.61"}]}, "product_name": "WinRAR"}]}, "vendor_name": "Check Point Software Technologies Ltd."}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "name": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", "refsource": "MISC"}, {"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/46552/", "name": "46552", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/106948", "name": "106948", "refsource": "BID"}, {"url": "https://www.win-rar.com/whatsnew.html", "name": "https://www.win-rar.com/whatsnew.html", "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html", "refsource": "MISC"}, {"url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "name": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace", "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/46756/", "name": "46756", "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-36: Absolute Path Traversal"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-20250", "STATE": "PUBLIC", "ASSIGNER": "cve@checkpoint.com", "DATE_PUBLIC": "2019-02-05T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2018-20250", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:45:43.535Z", "dateReserved": "2018-12-19T00:00:00.000Z", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "datePublished": "2019-02-05T20:00:00.000Z", "assignerShortName": "checkpoint"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-08-15", "cisaExploitAdd": "2022-02-15", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "WinRAR Absolute Path Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EA0C7CE-99E6-4C92-AE89-6C6A8DF92126", "versionEndIncluding": "5.61", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path."}, {"lang": "es", "value": "En WinRAR, en versiones anteriores a la 5.61, hay una vulnerabilidad de salto de directorio al manipular el campo \"filename\" del formato ACE (en UNACEV2.dll). Cuando este campo se manipula con patrones espec\u00edficos, la carpeta de destino (extracci\u00f3n) se ignora, tratando el nombre de archivo como ruta absoluta."}], "id": "CVE-2018-20250", "lastModified": "2025-10-22T00:16:22.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-02-05T20:29:00.243", "references": [{"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"source": "cve@checkpoint.com", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"source": "cve@checkpoint.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106948"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Press/Media Coverage", "Third Party Advisory"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"source": "cve@checkpoint.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46756/"}, {"source": "cve@checkpoint.com", "tags": ["Release Notes"], "url": "https://www.win-rar.com/whatsnew.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Press/Media Coverage", "Third Party Advisory"], "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46552/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46756/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.win-rar.com/whatsnew.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-20250"}], "sourceIdentifier": "cve@checkpoint.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "cve@checkpoint.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}