
WinRAR patches bug letting malware launch from extracted archives

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.

The flaw, tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator, who reported it through Zero Day Initiative on June 5, 2025.

It affects only the Windows version of WinRAR, from version 7.11 and older, and a fix was released in WinRAR version 7.12 beta 1, which was made available yesterday.

“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path,” read the changelog notes.

A malicious archive could contain files with crafted relative paths, tricking WinRAR into “silently” extracting them to sensitive locations like system directories and auto-run or startup folders.

If the archive’s contents are malicious, these files could launch automatically and trigger dangerous code execution the next time the user logs into Windows.
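As an added illustration (not WinRAR's code and not from the changelog), the sketch below shows the generic containment check a defender can run over an archive's entry names before extraction: resolve each name against the chosen folder using Windows path rules and flag anything that lands outside it. The destination path, sample entry names, and the autorun marker list are constructed assumptions.

```python
import ntpath  # Windows path rules on any OS, so the check also runs on a Linux analysis box

# Assumed policy list (not from the article): folders whose contents run at logon.
AUTORUN_MARKERS = ("\\start menu\\programs\\startup\\",)


def classify_entry(dest_dir, entry_name):
    """Classify one archive entry name against the folder the user chose.

    Returns "ok", "escapes-destination" or "escapes-to-autorun".
    """
    # Archives may store either separator; Windows treats both as separators.
    name = entry_name.replace("/", "\\")
    # join() lets an absolute, drive-qualified or UNC entry name override dest_dir,
    # which is how Windows would resolve it; normpath() then collapses "..".
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_dir, name)))
    root = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\") + "\\"
    # Compare with a trailing separator so "out2" is not mistaken for "out".
    if (target + "\\").startswith(root):
        return "ok"
    if any(marker in target for marker in AUTORUN_MARKERS):
        return "escapes-to-autorun"
    return "escapes-destination"


def audit(dest_dir, entry_names):
    """Return {entry_name: verdict} for every entry that must not be extracted."""
    verdicts = {n: classify_entry(dest_dir, n) for n in entry_names}
    return {n: v for n, v in verdicts.items() if v != "ok"}


# Constructed sample listing (not taken from a real archive).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    r"docs\readme.txt",
    "docs/../notes.txt",
    r"..\out2\a.txt",
    r"C:\Windows\Temp\a.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.exe",
]

if __name__ == "__main__":
    for name, verdict in audit(DEST, SAMPLE).items():
        print(f"{verdict:22} {name}")
```

The entry names can come from any archive listing tool; the check itself never opens or extracts the archive.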


Though the programs will run with user-level access rather than administrative or SYSTEM rights, they can still steal sensitive data like browser cookies and saved passwords, install persistence mechanisms, or provide remote access for further lateral movement.

The risk of CVE-2025-6218 is contained by the fact that user interaction is required for its exploitation, like opening a malicious archive or visiting a specially crafted page.

However, it is very common for users to run old versions of WinRAR, and as there are so many ways to distribute malicious archives, the risk remains very high.

In addition to CVE-2025-6218, WinRAR 7.12 beta 1 also addresses an HTML injection problem in report generation, reported by Marcin Bobryk, where archived file names containing < or > could be injected into the HTML report as raw HTML tags. This could enable HTML/JS injection if reports are opened in a web browser.


Two more minor issues fixed in the latest WinRAR release include incomplete testing of recovery volumes and timestamp precision loss for Unix records.

Though CVE-2025-6218 does not impact Unix versions, Android, and portable UnRAR source code, all users of WinRAR, regardless of the platform, are recommended to upgrade to the latest version immediately.

At the moment, there are no reports about CVE-2025-6218, but given the widespread deployment of WinRAR globally and the history of hackers targeting the software, users should update to the latest version immediately.
