A significant security exploit in WinRAR, the popular file archiver software, was recently reported via Trend Micro’s Zero Day Initiative. The directory traversal vulnerability identified as CVE-2025-6218 is said to take advantage of how a file compression tool handles directory paths within archive files, allowing remote attackers to execute arbitrary code by creating and distributing malicious archives.
Discovered by independent researcher ‘whs3-detonator,’ the vulnerability allows an attacker to run harmful code on a victim's computer. Although user interaction is necessary for the attack to be successful, the attacker can essentially manipulate the file paths handled by WinRAR during extraction. By doing so, they can trick the software to place files outside the intended folder, allowing potential access to restricted system directories.
The vulnerability gets a 7.8/10 score on the Common Vulnerability Scoring System (CVSS) which is a standardized framework for assessing and rating the severity of security vulnerabilities. Meaning this vulnerability poses a high risk to confidentiality, as it can expose sensitive data, manipulate system files, and even make a system completely unusable.
RARLAB, the company behind WinRAR and the RAR file format has thankfully patched the vulnerability in its latest beta release. According to the patch notes, WinRAR v7.11 (and earlier) as well as Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll are all at risk, while Unix versions of RAR, UnRAR, portable UnRAR source code, UnRAR library, and RAR for Android, are unaffected. Users are strongly advised to manually update to the latest WinRAR 7.12 Beta 1 release to protect their systems against the CVE-2025-6218 vulnerability.
Given its massive user base of over 500 million users worldwide, WinRAR vulnerabilities are frequently targeted and exploited by a wide range of threat actors. Back in April, we reported an issue that enabled the software to execute without the Windows Mark of the Web (MotW) security pop-up. This is the same Windows alert that warns users against running untrusted software downloaded from the internet. Fortunately, this issue was addressed via the official release notes for WinRAR version 7.11 confirming a patch for the vulnerability and additional technical details about the fix.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
