Upgrading WinRAR immediately to dodge a potential exploit via file path vulnerability
In a recent development, a critical remote code execution vulnerability has been discovered in WinRAR, a popular file compression tool used by millions worldwide. The vulnerability, identified as CVE-2025-6218, affects Windows versions of the software and related tools (RAR, UnRAR, UnRAR.dll) up to version 7.11.
The vulnerability, discovered by a researcher working with Trend Micro's Zero Day Initiative, allows hackers to run code on systems. If exploited, the flaw could place files in sensitive locations such as the Windows Startup folder, potentially leading to unintended code execution on the next system login. This could potentially compromise your device, enabling malware to run automatically.
To protect your system from this serious security threat, it is highly recommended that you update WinRAR to the latest patched version promptly. RARLAB, the developer of WinRAR, has issued a patch and advised immediate updating of the software.
**How to update WinRAR:**
1. **Download the latest version:** Visit the official WinRAR website or a trusted source to download the updated version, WinRAR version 7.12 Beta 1.
2. **Install the update:** Run the installer for WinRAR 7.12 Beta 1 and follow the on-screen instructions to upgrade your current version. This will replace the vulnerable version (7.11 or earlier) and protect against the directory traversal exploit.
3. **Verify the installed version:** After installation, open WinRAR and check the version number (usually found under Help > About WinRAR). Ensure it reads **7.12 Beta 1** or higher.
4. **Avoid extracting archives from untrusted sources:** Until updated, be cautious about opening archives from unknown or suspicious origins to reduce the risk of exploitation.
It is essential to note that Unix and Android versions of WinRAR are not affected by this vulnerability. The advisory reiterates that user interaction is necessary for exploiting the WinRAR vulnerability.
In addition to the security patches, the updated version of WinRAR also addresses an HTML injection vulnerability in the "generate report" feature. This will ensure that archived file names are sanitized, preventing potential exploitation.
The vulnerability is due to how WinRAR manages file paths in archives. Updating to the latest WinRAR 7.12 Beta 1 will neutralize this risk by correctly handling archive paths and preventing malicious files from being silently placed in critical directories.
The vulnerability was reported by ZDI to RARLAB on June 5th, and the advisory was released two weeks later. RARLAB and Trend Micro's Zero Day Initiative worked together on a coordinated advisory release.
In summary, updating to the latest WinRAR 7.12 Beta 1 is crucial to safeguard your system against this serious security threat. Be sure to visit the official WinRAR website, download and install the updated version, confirm the update is successful, and practice caution with archive files from untrusted sources.
The discovery of the critical remote code execution vulnerability in WinRAR, CVE-2025-6218, underscores the importance of data-and-cloud-computing and cybersecurity in technology. To mitigate this risk, it is advisable to promptly update WinRAR to the latest version, WinRAR 7.12 Beta 1, which includes a patch for this vulnerability and addresses an HTML injection vulnerability in the "generate report" feature.
