---
title: "CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2025-6218 (WinRAR) and CVE-2025-62221 (Windows) to its KEV Catalog. Learn why these flaws pose severe risks and how to mitigate them."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2025-6218, cve-2025-62221, winrar, windows, threat-intelligence]
score: 0.87
cve_ids: [CVE-2025-6218, CVE-2025-62221]
---
## TL;DR

CISA has added two actively exploited vulnerabilities—CVE-2025-6218 (WinRAR path traversal) and CVE-2025-62221 (Windows use-after-free)—to its Known Exploited Vulnerabilities (KEV) Catalog. These flaws are being weaponized by threat actors, posing significant risks to federal and private sector networks. Organizations must prioritize patching to mitigate potential attacks.

---
## Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two critical vulnerabilities after confirming their active exploitation in the wild. The flaws, affecting RARLAB WinRAR and Microsoft Windows, have been added to CISA’s [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), signaling an urgent need for remediation.

These vulnerabilities serve as prime attack vectors for malicious cyber actors, particularly those targeting federal agencies and enterprise networks. CISA’s directive underscores the growing threat landscape and the necessity for proactive vulnerability management.

---
## Key Points

- CVE-2025-6218: A path traversal vulnerability in RARLAB WinRAR that could allow attackers to execute arbitrary code or access sensitive files.
- CVE-2025-62221: A use-after-free vulnerability in Microsoft Windows, enabling privilege escalation or remote code execution.
- Binding Operational Directive (BOD) 22-01 requires federal agencies to remediate these vulnerabilities by a specified deadline to protect against active threats.
- While BOD 22-01 applies to Federal Civilian Executive Branch (FCEB) agencies, CISA urges all organizations to prioritize patching these flaws to reduce exposure to cyberattacks.

---
## Technical Details

### CVE-2025-6218: WinRAR Path Traversal Vulnerability
This vulnerability arises from improper handling of file paths in WinRAR, a widely used file archiving tool. Attackers can craft malicious RAR archives to exploit the flaw, leading to arbitrary file writes or remote code execution (RCE) on the victim’s system. The flaw is particularly dangerous due to WinRAR’s prevalence in both personal and enterprise environments.
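The root cause described above is an extractor trusting the path stored inside the archive. The following is an added example (not code from the CISA advisory or from RARLAB) of the check any archive extractor must perform before writing a file: normalize the entry name and confirm it still resolves inside the chosen extraction directory. The destination directory and the entry names are constructed sample values; the `is_safe_entry` and `partition_entries` helpers are this example's own names.

```python
"""Added example: reject archive entry names that would escape the
extraction directory. Not part of the CISA advisory or WinRAR; the
helper names and all sample paths below are constructed."""
import os
import ntpath
import posixpath


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """Return True only if entry_name resolves to a location inside dest_dir.

    Rules applied, in order:
      * reject absolute paths and Windows drive (C:) or UNC (\\server) prefixes
      * treat both '/' and '\\' as separators (archives may carry either)
      * reject any entry whose normalized form still starts with '..'
      * confirm the resolved target shares dest_dir as its common path
    """
    # Archives written on Windows may use backslashes; treat both as separators.
    name = entry_name.replace("\\", "/")
    # Absolute paths, drive letters and UNC paths are never acceptable entry names.
    if name.startswith("/") or ntpath.splitdrive(entry_name)[0]:
        return False
    # Collapse '.' and '..' components; a leading '..' survives only if the
    # entry climbs above its own root, which is exactly the traversal case.
    normalized = posixpath.normpath(name)
    if normalized == ".." or normalized.startswith("../"):
        return False
    # Second, filesystem-level check: the resolved target must stay under the
    # resolved destination (realpath also neutralizes symlinked parents).
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, *normalized.split("/")))
    return os.path.commonpath([base, target]) == base


def partition_entries(dest_dir: str, entry_names: list[str]) -> tuple[list[str], list[str]]:
    """Split entry names into (safe, rejected). An extractor writes only the
    safe list and logs the rejected one, which is also a useful detection
    signal for archives crafted against a vulnerable extractor."""
    safe: list[str] = []
    rejected: list[str] = []
    for name in entry_names:
        (safe if is_safe_entry(dest_dir, name) else rejected).append(name)
    return safe, rejected


if __name__ == "__main__":
    # Constructed entry names mixing benign paths with traversal attempts.
    sample_entries = [
        "docs/readme.txt",
        "images/../logo.png",
        "../../Users/Public/payload.exe",
        "..\\..\\payload.exe",
        "C:\\Windows\\payload.dll",
        "/etc/passwd",
    ]
    ok, bad = partition_entries("/tmp/extract", sample_entries)
    print("would extract:", ok)
    print("rejected:     ", bad)
```

Both checks matter: the string-level test catches the common `../` forms regardless of host platform, and the `realpath`/`commonpath` test catches anything the first one misses once the path is joined on the real filesystem.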
### CVE-2025-62221: Windows Use-After-Free Vulnerability
A use-after-free (UAF) flaw in the Windows operating system allows attackers to execute malicious code in the context of a privileged process. UAF vulnerabilities are notorious for enabling privilege escalation or sandbox escapes, making them highly sought-after by threat actors. This flaw could be chained with other exploits to compromise entire systems.

---
## Impact Assessment

The addition of these vulnerabilities to CISA’s KEV Catalog highlights their high severity and active exploitation. Federal agencies face immediate compliance requirements, but the risks extend to all organizations using affected software. Failure to patch could result in:

- Data breaches via unauthorized access to sensitive files.
- Ransomware attacks leveraging RCE or privilege escalation.
- Lateral movement within networks, leading to widespread compromise.

Given the widespread use of WinRAR and Windows, the potential attack surface is vast, encompassing governments, businesses, and individual users.

---
## Mitigation Steps

CISA recommends the following actions to mitigate these vulnerabilities:

1. Apply Patches Immediately
   - Update WinRAR to the latest version to address CVE-2025-6218.
   - Install Microsoft’s latest security updates to fix CVE-2025-62221.
2. Prioritize KEV Catalog Vulnerabilities
   - Organizations should integrate CISA’s KEV Catalog into their vulnerability management programs and prioritize remediation of listed flaws.
3. Monitor for Exploitation
   - Deploy intrusion detection systems (IDS) and endpoint protection to detect and block exploitation attempts.
4. Educate Users
   - Warn users about the risks of opening untrusted RAR files or clicking suspicious links, which could trigger these vulnerabilities.

---
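Step 2 above, integrating the KEV Catalog into vulnerability management, is usually done by joining CISA's machine-readable feed against an asset inventory and working the result in due-date order. The script below is an added example, not CISA's code or tooling. It uses the field names of CISA's public KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json: `cveID`, `vendorProject`, `product`, `dueDate`, `knownRansomwareCampaignUse`), but every value in the embedded feed, including the due dates and the third placeholder entry, is constructed for the example, as is the inventory; the `build_worklist` function and its row layout are this example's own design.

```python
"""Added example: build a remediation worklist by matching a KEV feed
against a software inventory. Not CISA tooling; the feed values and
inventory below are constructed placeholders with the real feed's schema."""
import json
from datetime import date

# Constructed stand-in for CISA's KEV JSON feed. Same field names as the
# real feed; dates, due dates and the third entry are placeholders.
KEV_FEED_JSON = """{
  "title": "Known Exploited Vulnerabilities Catalog (constructed sample)",
  "vulnerabilities": [
    {"cveID": "CVE-2025-6218", "vendorProject": "RARLAB", "product": "WinRAR",
     "vulnerabilityName": "RARLAB WinRAR Path Traversal Vulnerability",
     "dateAdded": "2025-12-09", "dueDate": "2025-12-30",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-62221", "vendorProject": "Microsoft", "product": "Windows",
     "vulnerabilityName": "Microsoft Windows Use-After-Free Vulnerability",
     "dateAdded": "2025-12-09", "dueDate": "2025-12-23",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-PLACEHOLDER-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "vulnerabilityName": "Placeholder entry for a product absent from the inventory",
     "dateAdded": "2025-12-01", "dueDate": "2025-12-22",
     "requiredAction": "Apply updates per vendor instructions.",
     "knownRansomwareCampaignUse": "Unknown"}
  ]
}"""

# Constructed asset inventory: one row per (host, installed product).
INVENTORY = [
    {"host": "ws-01", "vendor": "RARLAB", "product": "WinRAR"},
    {"host": "ws-01", "vendor": "Microsoft", "product": "Windows"},
    {"host": "ws-02", "vendor": "Microsoft", "product": "Windows"},
    {"host": "srv-01", "vendor": "ExampleVendor", "product": "OtherProduct"},
]


def load_kev(feed_json: str) -> list[dict]:
    """Parse the KEV feed text and return its list of vulnerability records."""
    return json.loads(feed_json)["vulnerabilities"]


def build_worklist(feed_json: str, inventory: list[dict], today_iso: str) -> list[dict]:
    """Return one row per (host, KEV entry) whose vendor/product match an
    inventory row, ordered so the nearest CISA due date comes first."""
    today = date.fromisoformat(today_iso)
    # Index catalog entries by normalized (vendor, product) for O(1) lookup per asset.
    by_product: dict[tuple[str, str], list[dict]] = {}
    for entry in load_kev(feed_json):
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        by_product.setdefault(key, []).append(entry)

    rows: list[dict] = []
    for asset in inventory:
        key = (asset["vendor"].lower(), asset["product"].lower())
        for entry in by_product.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "product": entry["product"],
                "dueDate": entry["dueDate"],
                "days_remaining": (due - today).days,
                "overdue": due < today,
                "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
            })
    # Earliest deadline first; host and CVE id break ties deterministically.
    rows.sort(key=lambda r: (r["dueDate"], r["host"], r["cveID"]))
    return rows


if __name__ == "__main__":
    for row in build_worklist(KEV_FEED_JSON, INVENTORY, "2025-12-10"):
        status = "OVERDUE" if row["overdue"] else f"{row['days_remaining']}d left"
        print(f"{row['host']:8} {row['cveID']:18} {row['product']:10} due {row['dueDate']} ({status})")
```

To use it against the real catalog, replace `KEV_FEED_JSON` with the downloaded feed text and `INVENTORY` with an export from your asset or endpoint management system; the `knownRansomwareCampaignUse` field is carried through so a "Known" value can be used as an additional sort key when triaging.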
## Conclusion

The inclusion of CVE-2025-6218 and CVE-2025-62221 in CISA’s KEV Catalog serves as a critical reminder of the persistent threats posed by unpatched software. While federal agencies are required to act, all organizations must treat these vulnerabilities as a top priority. Timely patching, robust monitoring, and user awareness are essential to defending against the growing tide of cyber threats.
For more details, refer to CISA’s [official advisory](https://www.cisa.gov/news-events/alerts/2025/12/09/cisa-adds-two-known-exploited-vulnerabilities-catalog).