The US cyber agency has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a pair of vulnerabilities disclosed only this year to its official list of exploited vulnerabilities.
CVE-2025-6218 is a directory traversal remote code execution vulnerability in the popular WinRAR file compression tool that could lead to a remote attacker running arbitrary code. Thankfully, only one version of WinRAR is impacted: 7.11 (64-bit).
This vulnerability has a CVSS score of 7.8, making it a high-severity issue.
It was officially listed with a CVE on 21 June this year, with Trend Micro’s Zero Day Initiative first disclosing the vulnerability in an advisory a few days before.
“User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” Trend Micro said.
Now, it appears folks are doing exactly that, so watch out where you’re visiting or clicking. The vulnerability is patched in the latest version of WinRAR, so make sure you’re upgraded.
CVE-2025-62221, on the other hand, was only disclosed overnight as part of Microsoft’s regular Patch Tuesday patching cycle, and hackers are already on the case, as noted by both Microsoft and now CISA.
This is a use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver that could allow an attacker to locally elevate their privileges. Also known as minifilters, these file system filter drivers are used in data encryption and automated backups, and in this case, Cloud Files works with cloud storage platforms such as OneDrive and Google Cloud.
Here’s what Rapid7’s lead software engineer, Adam Barnett, had to say about CVE-2025-62221 in his regular Patch Tuesday roundup.
“Microsoft ranks CVE-2025-62221 as important rather than critical, since an attacker would need to have an existing foothold on the target system,” Barnett said.
“But since it’s already exploited in the wild and leads to SYSTEM privileges, all but the most optimistic blue team threat models will surely treat CVE-2025-62221 as a top priority for remediation.”
Definitely sounds like one to stay on top of.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.