The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added serious vulnerabilities in Microsoft Windows and WinRAR to its Known Exploited Vulnerabilities catalog as of 2025-12-10, urging immediate attention.
Details of the Vulnerabilities
One vulnerability involves WinRAR, where a path traversal flaw could allow attackers to execute arbitrary code. Assigned a CVSS score of 7.8, it can be triggered when users open malicious archives or access compromised webpages. The flaw, reported by whs3-detonator, allows files to be written outside the intended extraction directory; exploitation requires user interaction.
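As an added illustration of the defensive side of the WinRAR issue described above (this is not code from the article, WinRAR, or the vendor fix), the following Python snippet shows the kind of pre-extraction guard an archive handler or a security scanner can apply to member names: it normalizes separators and rejects any entry that would resolve outside the extraction root. The member names in SAMPLE_MEMBERS are constructed for this example, and the check is a generic path-containment rule rather than a description of the specific WinRAR defect.

```python
import re
from typing import Iterable, List

# Constructed sample archive listing (not from any real malicious archive).
SAMPLE_MEMBERS = [
    "report/summary.txt",
    "report/../notes.txt",          # stays inside the root after normalization
    "../../Users/Public/payload.bin",  # classic traversal
    "..\\..\\AppData\\Roaming\\x.dll",  # Windows-style separators
    "C:\\Windows\\Temp\\y.exe",        # absolute path with drive letter
    "/etc/passwd",                     # absolute POSIX path
]

_DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def is_safe_member(name: str) -> bool:
    """Return True only if the member name resolves inside the extraction root.

    Both '/' and '\\' are treated as separators so that Windows-style names are
    judged correctly even when the scanner itself runs on a POSIX host.
    """
    if not name or "\x00" in name:
        return False
    normalized = name.replace("\\", "/")
    # Absolute paths (leading slash, UNC '//server', or a drive letter) never
    # stay under the root, regardless of what follows.
    if normalized.startswith("/") or _DRIVE_LETTER.match(normalized):
        return False
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    depth = 0  # how many directories below the root we currently are
    for part in parts:
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the extraction root
                return False
        else:
            depth += 1
    return True


def unsafe_members(names: Iterable[str]) -> List[str]:
    """Return the member names that must not be extracted."""
    return [n for n in names if not is_safe_member(n)]


if __name__ == "__main__":
    for bad in unsafe_members(SAMPLE_MEMBERS):
        print("REJECT:", bad)
```

A listing that yields any rejected entry should be treated as hostile and quarantined rather than partially extracted.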
The second issue lies in Microsoft Windows' Cloud Files Mini Filter Driver. This use-after-free vulnerability also has a CVSS score of 7.8. It allows authorized local attackers to elevate privileges to SYSTEM.
Response Requirements and Impact
CISA has mandated that federal civilian executive branch agencies address these vulnerabilities by 2025-12-30. This directive places pressure on agencies to ensure systems' security and prevent potential exploitation.
CISA additionally advises private organizations to review their security systems in light of these vulnerabilities. Timely remediation could mitigate risks associated with these critical issues.