CVE-2025-63372 identifies a directory traversal vulnerability in the Articentgroup Zip Rar Extractor Tool version 1.345.93.0. The vulnerability resides in the ZIP file processing component, specifically in how the tool extracts and handles ZIP archive contents. Directory traversal flaws allow attackers to craft specially designed ZIP archives containing file paths with sequences like '../' that escape the intended extraction directory. When such a malicious archive is processed, files can be written to arbitrary locations on the file system. This can overwrite critical system files, configuration files, or place malicious executables in trusted directories, potentially leading to arbitrary code execution or privilege escalation. The vulnerability does not require authentication or user interaction beyond processing the malicious archive. No CVSS score has been assigned yet, and no public exploits are known. However, the nature of directory traversal vulnerabilities in archive extraction tools historically leads to high-impact exploitation scenarios. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for defensive measures. This vulnerability affects any environment where the vulnerable version of the tool is used to extract ZIP files, especially in automated or unattended processes that handle untrusted archives.

For European organizations, the impact of CVE-2025-63372 can be significant. Organizations that rely on the vulnerable Zip Rar Extractor Tool for processing ZIP archives—such as software development firms, document management services, or automated file processing systems—may face risks of arbitrary file overwrite and potential system compromise. This could lead to data breaches, disruption of business operations, or deployment of malware. Critical infrastructure sectors, including finance, healthcare, and government agencies, could be targeted to disrupt services or gain persistent access. The vulnerability's exploitation could also facilitate lateral movement within networks if attackers place backdoors or manipulate system files. Given the absence of known exploits, the threat is currently theoretical but could escalate rapidly once exploit code becomes available. The lack of authentication or user interaction requirements increases the risk, especially in environments that automatically process ZIP files from external sources.

European organizations should immediately audit their use of the Articentgroup Zip Rar Extractor Tool and identify any instances of version 1.345.93.0 or similar vulnerable versions. Until a patch is available, organizations should: 1) Disable automatic extraction of ZIP files from untrusted sources; 2) Implement strict input validation and sanitization of ZIP archive contents, rejecting archives with suspicious path traversal sequences; 3) Use sandboxed or isolated environments for extracting ZIP files to contain potential damage; 4) Employ alternative, secure archive extraction tools with verified vulnerability-free status; 5) Monitor file system changes and logs for unusual activity related to ZIP extraction processes; 6) Educate users and administrators about the risks of processing untrusted archives; and 7) Stay alert for official patches or updates from Articentgroup and apply them promptly. Network segmentation and endpoint protection can also reduce the impact of potential exploitation.