Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Rarlab
Winrar

rarlab winrar Vulnerabilities: CVEs, CISA KEV & Security Advisories

29 CVEs

4 in CISA KEV

rarlab winrar Vulnerabilities

CVE security advisories and vulnerability history for winrar by rarlab.

29

Total CVEs

Published

4

In CISA KEV

Exploited in the wild

13

Public exploits

With known exploit

7.0

Avg CVSS

2004–2026

Last updated April 5, 2026

Overview

rarlab winrar has 29 published CVE records since 2004, of which 4 are in CISA's Known Exploited Vulnerabilities catalog and 13 have a known public exploit. The average CVSS base score across scored CVEs is 7.0.

This page aggregates every publicly disclosed vulnerability (CVE) affecting rarlab winrar, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of rarlab winrar's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High8

Medium4

Low1

16 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

4

4 of rarlab winrar's CVEs are confirmed exploited in the wild.

Public exploits

13

13 of rarlab winrar's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every rarlab winrar version named in a CVE, then pick one to see only the CVEs that affect it.

Fixed in

6.232 CVEs
7.002 CVEs
> 6.241 CVE
3.911 CVE
5.001 CVE
7.111 CVE
7.121 CVE
7.131 CVE

Default status

All versions1 CVE

Find a version

29 CVEs

Sort

WinRAR 5.61 Denial of Service via Malformed Language File
CVE-2019-25677
Public exploit
CWE-379
Medium · CVSS 6.9
EPSS 0.0% (4th pct)2026-04-05
Medium vulnerability · 2025-11-12
CVE-2025-52331CWE-79
Medium · CVSS 6.1
EPSS 0.0% (7th pct)2025-11-12
Path traversal vulnerability in WinRAR
CVE-2025-8088
CISA KEV
Public exploit
Patch
CWE-35
Added to CISA KEV 2025-08-12
High · CVSS 8.4
EPSS 10.7% (93th pct)2025-08-08
WinRAR < 5.00 Filename Spoofing RCE
CVE-2014-125119
Public exploit
Patch
CWE-434
High · CVSS 8.4
EPSS 36.3% (97th pct)2025-07-25
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
CVE-2025-6218
CISA KEV
Public exploit
Patch
CWE-22
Added to CISA KEV 2025-12-09
High · CVSS 8.4
EPSS 6.6% (91th pct)2025-06-21
Medium vulnerability · 2025-04-03
CVE-2025-31334
Patch
CWE-356
Medium · CVSS 6.8
EPSS 0.1% (25th pct)2025-04-03
High vulnerability · 2024-05-21
CVE-2024-36052
Public exploit
Patch
CWE-150
High · CVSS 7.5
EPSS 0.1% (33th pct)2024-05-21
High vulnerability · 2024-05-03
CVE-2023-40477
Patch
CWE-129
High · CVSS 7.8
EPSS 91.9% (100th pct)2024-05-03
High vulnerability · 2024-04-28
CVE-2024-33899
Public exploit
Patch
CWE-150
High · CVSS 7.1
EPSS 1.4% (81th pct)2024-04-28
Medium vulnerability · 2024-04-02
CVE-2024-30370CWE-693
Medium · CVSS 4.3
EPSS 0.5% (66th pct)2024-04-02
High vulnerability · 2023-08-23
CVE-2023-38831
CISA KEV
Public exploit
Patch
CWE-351
Added to CISA KEV 2023-08-24
High · CVSS 8.4
EPSS 93.9% (100th pct)2023-08-23
Low vulnerability · 2023-03-29
CVE-2022-43650CWE-125
Low · CVSS 2.5
EPSS 1.8% (83th pct)2023-03-29
Vulnerability · 2019-02-13
CVE-2018-20253CWE-787
Unscored
EPSS 0.7% (73th pct)2019-02-13
Vulnerability · 2019-02-05
CVE-2018-20252CWE-787
Unscored
EPSS 0.7% (73th pct)2019-02-05
Vulnerability · 2019-02-05
CVE-2018-20251CWE-693
Unscored
EPSS 0.6% (71th pct)2019-02-05
High vulnerability · 2019-02-05
CVE-2018-20250
CISA KEV
Public exploit
CWE-36
Added to CISA KEV 2022-02-15
High · CVSS 8.4
EPSS 93.5% (100th pct)2019-02-05
Vulnerability · 2015-12-30
CVE-2015-5663
Unscored
EPSS 0.1% (24th pct)2015-12-30
Vulnerability · 2009-09-01
CVE-2008-7144
Unscored
EPSS 1.1% (78th pct)2009-09-01
Vulnerability · 2006-07-28
CVE-2006-3912
Public exploit
Unscored
EPSS 0.9% (76th pct)2006-07-28
Vulnerability · 2006-07-25
CVE-2006-3845
Public exploit
Unscored
EPSS 5.6% (90th pct)2006-07-25
Vulnerability · 2006-01-06
CVE-2005-4620
Public exploit
Unscored
EPSS 0.2% (41th pct)2006-01-06
Vulnerability · 2005-12-22
CVE-2005-4474
Unscored
EPSS 0.7% (73th pct)2005-12-22
Vulnerability · 2005-10-20
CVE-2005-3263
Unscored
EPSS 5.4% (90th pct)2005-10-20
Vulnerability · 2005-10-20
CVE-2005-3262
Public exploit
Unscored
EPSS 9.6% (93th pct)2005-10-20
Vulnerability · 2005-02-19
CVE-2004-1495
Unscored
EPSS 0.9% (76th pct)2005-02-19
Vulnerability · 2005-02-10
CVE-2005-0331
Unscored
EPSS 0.4% (60th pct)2005-02-10
Vulnerability · 2004-12-22
CVE-2004-1254
Public exploit
Unscored
EPSS 5.2% (90th pct)2004-12-22
Vulnerability · 2004-05-05
CVE-2004-0235
Unscored
EPSS 10.5% (93th pct)2004-05-05
Vulnerability · 2004-05-05
CVE-2004-0234
Unscored
EPSS 8.5% (93th pct)2004-05-05

Common weakness types

The CWE weakness categories most often found in rarlab winrar CVEs. Follow any weakness for its full explanation.

CWE-693Protection Mechanism Failure2 CVEs
CWE-787Out-of-bounds Write2 CVEs
CWE-150Improper Neutralization of Escape, Meta, or Control Sequences2 CVEs
CWE-35Path Traversal: '.../...//'1 CVE
CWE-351Insufficient Type Distinction1 CVE
CWE-356Product UI does not Warn User of Unsafe Actions1 CVE
CWE-36Absolute Path Traversal1 CVE
CWE-379Creation of Temporary File in Directory with Insecure Permissions1 CVE

Disclosure activity by year

How many rarlab winrar CVEs were published each year.

2004

3

2005

5

2006

3

2009

1

2015

1

2019

4

2023

2

2024

4

2025

5

2026

1

Other rarlab products

Browse vulnerabilities for other products by rarlab.

unrar15 CVEs rar2 CVEs far manager1 CVEs RAR App1 CVEs

All rarlab vulnerabilities

Frequently asked questions

Common questions about rarlab winrar vulnerabilities.

How many CVEs does rarlab winrar have?

rarlab winrar has 29 published CVE records since 2004.

How many rarlab winrar CVEs are in CISA KEV?

Yes — 4 of rarlab winrar's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Are there public exploits for rarlab winrar vulnerabilities?

Yes — 13 of rarlab winrar's CVEs have a known public exploit.

Which versions of rarlab winrar are affected?

9 distinct rarlab winrar versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in rarlab winrar CVEs?

rarlab winrar's CVEs most often map to these CWE weakness types: CWE-693 (Protection Mechanism Failure), CWE-787 (Out-of-bounds Write), CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences), CWE-35 (Path Traversal: '.../...//').

What is the average severity of rarlab winrar CVEs?

The average CVSS base score across rarlab winrar's scored CVEs is 7.0.

References

All rarlab vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track rarlab winrar vulnerabilities

Monitor new rarlab winrar vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References