WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.
The flaw, tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator, who reported it through the Zero Day Initiative on June 5, 2025.
It affects only the Windows version of WinRAR, from version 7.11 and older, and a fix was released in WinRAR version 7.12 beta 1, which was made available yesterday.
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path,” read the changelog notes.
A malicious archive could contain files with crafted relative paths that trick WinRAR into “silently” extracting them to sensitive locations such as system directories and auto-run or startup folders.
If the archive’s contents are malicious, those files could launch automatically and trigger harmful code execution the next time the user logs into Windows.
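The defensive counterpart to the behaviour described above is an extractor that validates every entry name before writing anything to disk. The following Python example is added here for illustration; it is not WinRAR code and does not model the RAR format (it uses the standard-library `zipfile` module and a constructed in-memory archive). The entry names in `SAMPLE_ENTRIES` and the archive built by `build_demo_zip` are constructed for the demonstration. The check is deliberately strict: any `..` component, absolute path, drive-letter prefix or embedded NUL is rejected outright, and the resolved path is then verified to lie under the destination directory as a second line of defence.

```python
import io
import os
import re
import zipfile
from typing import List, Optional, Tuple

# Constructed archive entry names covering the traversal shapes an extractor
# must refuse (hypothetical samples, not taken from the advisory).
SAMPLE_ENTRIES = [
    "docs/readme.txt",              # benign, relative, stays inside
    "logs/2025-06/app.log",         # benign nested path
    "../outside.txt",               # parent traversal with forward slash
    "..\\..\\outside.txt",          # parent traversal with Windows separators
    "C:\\temp\\outside.txt",        # absolute Windows path with drive letter
    "/tmp/outside.txt",             # absolute POSIX path
    "sub/../../outside.txt",        # traversal hidden behind a benign prefix
    "weird\x00name.txt",            # embedded NUL, may truncate in native APIs
]

DRIVE_RE = re.compile(r"^[A-Za-z]:")


def is_safe_entry_name(name: str) -> bool:
    """Return True only if the name cannot escape the extraction directory."""
    if not name or "\x00" in name:
        return False
    normalized = name.replace("\\", "/")      # treat both separators alike
    if normalized.startswith("/"):
        return False                          # absolute POSIX or UNC-style path
    if DRIVE_RE.match(normalized):
        return False                          # absolute Windows path (C:\...)
    parts = normalized.split("/")
    if any(part == ".." for part in parts):
        return False                          # any parent reference is refused
    return True


def partition_entries(names: List[str]) -> Tuple[List[str], List[str]]:
    """Split entry names into (accepted, rejected) lists."""
    safe, rejected = [], []
    for name in names:
        (safe if is_safe_entry_name(name) else rejected).append(name)
    return safe, rejected


def resolve_inside(dest: str, name: str) -> Optional[str]:
    """Resolve the final path and confirm it is still under dest."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name.replace("\\", "/")))
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None
    return target


def safe_extract(zip_bytes: bytes, dest: str) -> List[str]:
    """Extract only entries that pass both checks; return the files written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_entry_name(info.filename):
                continue                      # name-level rejection
            target = resolve_inside(dest, info.filename)
            if target is None:
                continue                      # path-level rejection
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_demo_zip() -> bytes:
    """Constructed archive: one benign entry plus one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../escape.txt", "must never land outside dest")
    return buf.getvalue()


def demo() -> dict:
    """Run the extractor on the constructed archive inside a temp directory."""
    import tempfile
    dest = tempfile.mkdtemp(prefix="safe_extract_")
    written = safe_extract(build_demo_zip(), dest)
    escaped = os.path.exists(os.path.join(os.path.dirname(dest), "escape.txt"))
    return {
        "written": [os.path.relpath(p, dest).replace(os.sep, "/") for p in written],
        "escaped_file_exists": escaped,
    }


if __name__ == "__main__":
    print(partition_entries(SAMPLE_ENTRIES))
    print(demo())
```

The same two-stage check (reject suspicious names, then verify the resolved path) applies to any archive format; the entry-name filter is the cheap test that catches crafted relative paths like the ones the advisory describes, while the resolved-path comparison guards against anything the string check missed, such as symlinked directories already present in the destination.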
Although the programs will run with user-level access rather than administrative or SYSTEM rights, they can still steal sensitive data such as browser cookies and saved passwords, establish persistence mechanisms, or provide remote access for further lateral movement.
The risk of CVE-2025-6218 is contained by the fact that user interaction is required for exploitation, such as opening a malicious archive or visiting a specially crafted web page.
However, it is very common for users to run old versions of WinRAR, and as there are so many ways to distribute malicious archives, the risk remains very high.
Besides CVE-2025-6218, WinRAR 7.12 beta 1 also addresses an HTML injection issue in report generation reported by Marcin Bobryk, where archived file names containing < or > could be injected into the HTML report as raw HTML tags. This could enable HTML/JS injection if reports are opened in a web browser.
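To show the report-generation bug class beside its fix, here is an added Python example of a minimal HTML report renderer; it is not WinRAR's report code, and the file names in `SAMPLE_LISTING` are constructed. `render_report_unsafe` interpolates file names directly, so a name containing angle brackets becomes markup in the output; `render_report_safe` passes every untrusted string through `html.escape`, so the same name is displayed literally.

```python
import html
from typing import List, Tuple

# Constructed archive listing: (file name, size in bytes). The last two names
# carry markup the way the advisory describes (hypothetical samples).
SAMPLE_LISTING: List[Tuple[str, int]] = [
    ("report.pdf", 10240),
    ("notes<b>bold</b>.txt", 512),
    ("<script>alert(1)</script>.doc", 2048),
]

ROW = "<tr><td>{}</td><td>{}</td></tr>"


def render_report_unsafe(entries: List[Tuple[str, int]]) -> str:
    """Vulnerable pattern: file names are written into the HTML as-is."""
    rows = "".join(ROW.format(name, size) for name, size in entries)
    return "<table>" + rows + "</table>"


def render_report_safe(entries: List[Tuple[str, int]]) -> str:
    """Hardened pattern: every untrusted string is HTML-escaped first."""
    rows = "".join(
        ROW.format(html.escape(name, quote=True), int(size)) for name, size in entries
    )
    return "<table>" + rows + "</table>"


def contains_tag(report: str, tag: str) -> bool:
    """Check whether a report still contains a live opening tag of this kind."""
    return ("<" + tag) in report.lower()


if __name__ == "__main__":
    print(render_report_unsafe(SAMPLE_LISTING))
    print(render_report_safe(SAMPLE_LISTING))
```

Escaping at the point of output is the fix; filtering `<` and `>` out of file names on input would also alter the report's content, which is why output encoding is the usual choice for this bug class.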
Two other minor issues fixed in the latest WinRAR release include incomplete testing of recovery volumes and timestamp precision loss for Unix files.
Although CVE-2025-6218 does not impact Unix versions, Android, or the portable UnRAR source code, all WinRAR users, regardless of platform, are recommended to upgrade to the latest version immediately.
Currently, there are no reports of CVE-2025-6218 being exploited in attacks, but given the widespread deployment of WinRAR globally and the history of hackers targeting the software, users should update to the latest version immediately.