A significant security vulnerability has been discovered in popular Windows software, impacting millions of users. Find out what this means for you.

Millions of users relying on the popular file archiving tool WinRAR are urged to update their software immediately following the release of a critical security patch. The update addresses a serious vulnerability, tracked as CVE-2025-6218, which could allow attackers to execute arbitrary code on affected Windows systems.

The flaw, discovered by security researcher "whs3-detonator" in collaboration with Trend Micro’s Zero Day Initiative, specifically impacts the way WinRAR handles file paths within archives. This vulnerability manifests as a path traversal issue during file extraction on Windows versions of the software.

According to the findings, a specially crafted archive could exploit this flaw. If a user were to open such a malicious file, or even visit a compromised website designed to trigger the exploit, the vulnerability could allow files to be placed in unintended and potentially sensitive directories. Crucially, this includes critical system locations such as the Windows Startup folder. The consequence of this unauthorised file placement could be severe, as it could lead to malicious software running automatically each time the affected system boots up, granting persistent access to attackers.

RARLAB, the developer behind WinRAR, has promptly released version 7.12 to mitigate this critical vulnerability. Users are strongly advised to update to this latest version as soon as possible to minimise their exposure to potential exploitation. It is important to note that this specific vulnerability does not affect versions of RAR or UnRAR designed for Unix or Android operating systems.

This incident serves as a stark reminder of the ongoing importance of maintaining robust cybersecurity practices. Even widely used and trusted software applications can harbor vulnerabilities. Beyond simply updating WinRAR, users are encouraged to employ comprehensive security measures, including reputable antivirus software, effective malware removal tools, and strong endpoint protection solutions. Regularly updating all software applications and operating systems is a fundamental step in reducing the risk of malware and other threats slipping through undetected.

In addition to the critical security fix for CVE-2025-6218, the WinRAR 7.12 update also includes other important improvements. An unrelated issue involving the "Generate Report" feature has been resolved, which previously allowed for basic HTML injection due to improper sanitisation of file names in generated HTML reports. Furthermore, the new version enhances data integrity verification by now testing recovery volumes during archive testing, providing users with better assurance that their backup files are intact. It also improves compatibility by preserving precise nanosecond timestamps when modifying Unix files on Windows.

Sources:

• RARLAB Official Website (for WinRAR version 7.12 release notes)

• Trend Micro Zero Day Initiative (for vulnerability disclosure information related to whs3-detonator's findings)

• CVE-2025-6218 (National Vulnerability Database or similar public vulnerability database for details on the CVE)