Zip Rar Extractor Tool Directory Traversal Remote Code Execution Vulnerability

CVE Number: CVE-2025-63372
Vendor: Zip Rar Extractor Tool
Credit: teatree, JSec

Description

A directory traversal vulnerability exists in Zip Rar Extractor Tool, caused by insufficient validation of file paths during ZIP archive extraction. User interaction is required to exploit this vulnerability in that the target must extract a malicious ZIP archive. An attacker can leverage this vulnerability to execute code in the context of the current user.
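The class of path validation whose absence is described above can be sketched as follows. This is an added example, not the vendor's code or patch; the advisory does not state the tool's implementation language, so Python is used for illustration, and the function names (escapes_root, safe_extract, build_sample) and the archive contents are constructed for the demonstration.

```python
import io
import os
import re
import tempfile
import zipfile

def escapes_root(name, root):
    """True if archive entry `name` would resolve outside directory `root`."""
    name = name.replace("\\", "/")  # treat Windows separators as separators
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True  # absolute path or drive letter
    target = os.path.realpath(os.path.join(root, name))
    try:
        # Component-wise comparison, so "/x/outdir2" is not "inside" "/x/outdir".
        return os.path.commonpath([root, target]) != root
    except ValueError:  # paths on different drives (Windows)
        return True

def safe_extract(zf, dest_dir):
    """Extract only if every entry stays inside dest_dir; otherwise refuse."""
    root = os.path.realpath(dest_dir)
    bad = [i.filename for i in zf.infolist() if escapes_root(i.filename, root)]
    if bad:
        # Reject the whole archive before anything is written to disk.
        raise ValueError(f"refusing archive, entries escape target: {bad}")
    zf.extractall(root)
    return [i.filename for i in zf.infolist()]

def build_sample(names):
    """Constructed in-memory archive for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "sample")
    buf.seek(0)
    return zipfile.ZipFile(buf)

if __name__ == "__main__":
    out = tempfile.mkdtemp()
    print(safe_extract(build_sample(["docs/readme.txt"]), out))
    try:
        safe_extract(build_sample(["ok.txt", "../../outside.txt"]), out)
    except ValueError as exc:
        print(exc)
```

The check runs over every entry before extraction begins, so an archive that mixes benign and traversing entries leaves nothing on disk.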

Timeline

2025-10-20 - Vulnerability reported to Vendor

2025-11-20 - Vendor Patch Release