A patch has been released for a newly discovered vulnerability in RARLAB's WinRAR software that could allow hackers to execute remote code on your device.
For those unaware, WinRAR is a popular file compression and archiver utility for Windows, which can create and view archives in RAR or ZIP file formats and unpack numerous archive file formats.
The critical security vulnerability, identified as CVE-2025-6218, could allow attackers to execute malicious code on a victim’s system simply by getting the user to open a specially crafted file or visit a malicious web page.
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," read the changelog notes.
What's The Issue?
The bug stems from how WinRAR processes file paths in archive files. By crafting a manipulated path inside an archive, attackers can trick the software into extracting files outside the intended directory, a well-known method called directory traversal. This flaw could allow attackers to execute arbitrary code on the system with the same permissions as the user.
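The check an extractor must perform before writing each entry, as an added example that is not WinRAR's or RARLAB's code: every archive entry name is resolved against the destination directory, and any entry that would land outside it (via `..` components, an absolute path or a drive prefix) is rejected instead of extracted. The ZIP archive it processes is constructed in memory for the demonstration.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def is_safe_member(dest_dir: str, member_name: str) -> bool:
    """True only if member_name, joined to dest_dir, still resolves inside dest_dir.

    Entry names are normalised to forward slashes; absolute paths, Windows
    drive prefixes and '..' components that climb out of dest_dir are rejected.
    """
    name = member_name.replace("\\", "/")
    if PurePosixPath(name).is_absolute() or (len(name) > 1 and name[1] == ":"):
        return False
    dest = Path(dest_dir).resolve()
    target = (dest / name).resolve()  # collapses any '..' components
    return target == dest or dest in target.parents


def safe_extract(archive_bytes: bytes, dest_dir: str) -> tuple[list[str], list[str]]:
    """Extract only entries that stay within dest_dir; return (extracted, rejected)."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if is_safe_member(dest_dir, info.filename):
                zf.extract(info, dest_dir)
                extracted.append(info.filename)
            else:
                rejected.append(info.filename)
    return extracted, rejected


def build_sample_archive() -> bytes:
    """Constructed in-memory ZIP: one benign entry and two traversal-style entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../evil.txt", "would escape the extraction directory")
        zf.writestr("C:/Windows/evil.dll", "absolute path with drive letter")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Run safe_extract on the sample archive inside a temporary directory."""
    with tempfile.TemporaryDirectory() as dest:
        result = safe_extract(build_sample_archive(), dest)
        assert os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
        return result


if __name__ == "__main__":
    print(demo())  # (['docs/readme.txt'], ['../../evil.txt', 'C:/Windows/evil.dll'])
```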
This vulnerability has been assigned a CVSS score of 7.8, indicating a high severity issue. Although it requires user interaction to open a malicious file or link, the flaw is particularly relevant for users who often work with downloaded archive files.
Who Found It?
The flaw was discovered by an independent security researcher known as "whs3-detonator", who reported it responsibly to RARLAB, the company behind WinRAR and the RAR file format, through Trend Micro's Zero Day Initiative (ZDI) on June 5, 2025. The fix for this vulnerability was released just two weeks later.
Are All Platforms Affected?
The vulnerability affects WinRAR v7.11 (and earlier) as well as Windows versions of RAR, UnRAR, portable UnRAR source code, and UnRAR.dll. However, the Unix versions of RAR, UnRAR, portable UnRAR source code, UnRAR library, and RAR for Android remain unaffected.
What Should Users Do?
RARLAB has patched the CVE-2025-6218 vulnerability in the latest WinRAR version 7.12 Beta 1. If you are a WinRAR user on a Windows PC, we strongly recommend you update to the latest version, 7.12, immediately. This version not only patches the directory traversal remote code execution bug but also fixes several other security and functionality issues. For more details, you can check out RARLAB's official update page.