QwikSec

Security Database

CVE

CWE

Training

CVE-2018-20250

Published: Feb 5, 2019

Modified: Oct 21, 2025

PUBLISHED

Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Vendor	Product	Versions
Check Point Software Technologies Ltd.	WinRAR	affected `All versions prior and including 5.61`

Weaknesses (CWE)

References

https://github.com/blau72/CVE-2018-20250-WinRAR-ACE

x_refsource_MISC

https://research.checkpoint.com/extracting-code-execution-from-winrar/

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

https://www.win-rar.com/whatsnew.html

x_refsource_MISC

http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html

x_refsource_MISC

http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_ace

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.