WinRAR has patched a high-severity directory traversal vulnerability—CVE-2025-6218—that could allow malware to execute after extracting specially crafted archives.

The flaw, which carries a CVSS score of 7.8, was discovered by researcher whs3-detonator and reported via the Zero Day Initiative on June 5, 2025.

The issue affects only Windows versions of WinRAR up to v7.11, and has been fixed in the newly released WinRAR 7.12 beta 1. According to the changelog, attackers could craft archive files with malicious paths to trick WinRAR into extracting content into sensitive locations, such as system directories or auto-run folders, leading to code execution on the next Windows login.
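The defensive check that archive extractors need against this class of bug is to resolve every entry name against the chosen destination folder and refuse any entry that lands outside it. The following is an added example written for this article (not WinRAR's code and not a reproduction of CVE-2025-6218); it uses Python's `ntpath` so the Windows path rules apply on any platform, and the entry names and the `C:\out` destination are constructed stand-ins.

```python
import ntpath

# Constructed entry names for this example; they are not taken from any real archive.
# "AUTORUN_DIR" is a placeholder standing in for any folder Windows executes at login.
SAMPLE_ENTRIES = [
    "docs\\readme.txt",                                  # ordinary relative entry
    "docs/../notes.txt",                                 # '..' that still stays inside root
    "..\\..\\AUTORUN_DIR\\run.exe",                      # traversal out of the destination
    "C:\\Windows\\System32\\drivers\\etc\\hosts",        # absolute path with drive letter
    "\\Windows\\Temp\\x.dll",                            # rooted path (drive-relative)
    "notes.txt:hidden",                                  # NTFS alternate data stream
    "sub\\..\\..\\escape.txt",                           # traversal after a real directory
]


def resolve_entry(dest_root, entry_name):
    """Return the absolute path entry_name would be written to under dest_root,
    or None when writing it would escape dest_root (traversal, absolute path,
    UNC prefix or NTFS stream)."""
    root = ntpath.normpath(dest_root)
    # Drive letters (C:...), UNC paths (\\server\share) and stream names (file:ads)
    # all contain ':' or start with a separator; none are legitimate relative entries.
    if ":" in entry_name or entry_name.startswith(("\\", "/")):
        return None
    # normpath collapses '.' and '..' and turns '/' into '\\' under Windows rules.
    target = ntpath.normpath(ntpath.join(root, entry_name))
    # Case-insensitive prefix check anchored on a separator, so "C:\out2" is not
    # accepted for root "C:\out" and the root itself is never a valid file target.
    if not target.lower().startswith(root.lower().rstrip("\\") + "\\"):
        return None
    return target


def triage_entries(dest_root, entries):
    """Split archive entry names into (safe, rejected) lists for a given destination."""
    safe, rejected = [], []
    for name in entries:
        (safe if resolve_entry(dest_root, name) else rejected).append(name)
    return safe, rejected


if __name__ == "__main__":
    ok, bad = triage_entries("C:\\out", SAMPLE_ENTRIES)
    for name in bad:
        print("REJECT", name)
    for name in ok:
        print("ok    ", name, "->", resolve_entry("C:\\out", name))
```

The same check can be run over the listing of any archive format before extraction, since it only looks at entry names, not container structure.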

While the vulnerability requires user interaction, such as opening a malicious archive, it still poses a significant risk due to the widespread use of outdated WinRAR versions and the popularity of the software as a malware delivery vector.

The update also fixes an HTML injection vulnerability found by Marcin Bobryk, which could allow HTML/JavaScript injection in generated reports if opened in a browser. Other minor fixes address recovery volume testing and Unix timestamp precision issues.

Though CVE-2025-6218 doesn’t affect Unix, Android, or portable UnRAR builds, all users are strongly advised to update to the latest version to ensure maximum security.
