- A WinRAR flaw let files from a crafted archive land outside the target folder, including in the Windows Startup folder
- The new version 7.12 fixes the critical path traversal bug and an HTML injection issue
- Windows users are urged to update WinRAR to keep extracted files where they belong
WinRAR, the long-established file archiving tool, has received a security update for a serious flaw that could allow attackers to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2025-6218, lies in the way WinRAR handles file paths stored inside archives.
It was discovered by a researcher known as whs3-detonator, working with Trend Micro's Zero Day Initiative.
Patch now
The problem affects the Windows versions of WinRAR, where a specially crafted archive can exploit directory traversal during extraction: a member whose stored name contains "..\" components is written relative to those components instead of being confined to the chosen output folder.
If a user opens such an archive or visits a malicious site, the exploit can place files in unintended directories, including sensitive locations such as the Windows Startup folder.
Anything dropped there runs automatically the next time the user logs on to Windows, which is what turns a file-write bug into code execution.
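To make the bug class concrete, the following is an added example, not WinRAR's or RARLAB's code: it builds an in-memory archive with a member name that climbs out of the extraction directory toward the per-user Startup folder, then extracts it with a containment check that rejects the traversal member. ZIP stands in for RAR because the Python standard library can write ZIP but not RAR; the member names, the payload and the `resolve_member`/`safe_extract` helpers are all constructed for this illustration.

```python
from __future__ import annotations

import io
import os
import pathlib
import tempfile
import zipfile

# Constructed sample member name (not taken from any real malicious archive):
# a relative path that climbs out of the extraction directory into the
# per-user Startup folder. The CVE concerns RAR archives, but the standard
# library can only write ZIP, so ZIP stands in for the container; the crafted
# member name is the part that matters.
TRAVERSAL_NAME = (
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.bat"
)


def build_malicious_archive() -> bytes:
    """Build an in-memory ZIP with one benign and one traversal member (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless file\n")
        zf.writestr(TRAVERSAL_NAME, "@echo off\r\necho constructed demo payload\r\n")
    return buf.getvalue()


def resolve_member(dest: str, member: str) -> str | None:
    """Return the on-disk path for `member` if it stays inside `dest`, else None.

    Both '\\' and '/' are accepted as separators, as a Windows archiver would,
    and the path is fully resolved (symlinks included) before the containment
    check, so '..' components, absolute paths and drive letters are rejected.
    """
    if pathlib.PureWindowsPath(member).anchor:  # '\\x', '/x', 'C:\\x', '\\\\srv\\share'
        return None
    parts = member.replace("\\", "/").split("/")
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, *parts))
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None
    return target


def safe_extract(archive_bytes: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract members that resolve inside `dest`; return (extracted, rejected) names."""
    extracted: list[str] = []
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_member(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                extracted.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def run_demo() -> tuple[list[str], list[str]]:
    """Extract the constructed archive into a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="archive-traversal-demo-")
    return safe_extract(build_malicious_archive(), dest)


if __name__ == "__main__":
    extracted, rejected = run_demo()
    print("extracted:", extracted)
    print("rejected: ", rejected)
```

The check deliberately resolves the full path before comparing, rather than scanning the name for "..": a name such as `sub/../../x` or a symlinked subdirectory inside the output folder defeats a string filter but not a realpath-based containment test. The same logic applies to any extractor, whatever the container format.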
RARLAB, the developer of WinRAR, has published version 7.12 to address the flaw.
The vulnerability does not affect the RAR and UnRAR builds for Unix or Android. Windows users are urged to update as soon as possible to reduce the risk of exploitation; the installed version is shown under Help > About WinRAR.
To stay protected from threats like this, it is worth running reputable antivirus software and malware removal tools alongside endpoint protection. Even well-known tools can have flaws, so trusted security software together with keeping every application up to date helps reduce the risk of malware slipping through unnoticed.
The new WinRAR update also fixes an unrelated issue in the "Generate report" feature. In older versions, file names placed in the generated HTML reports were not properly sanitized, which allowed basic HTML injection: an archive member whose name contained markup would have that markup rendered when the report was opened in a browser. That has now been corrected.
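The report issue is the classic unescaped-output bug, and the fix is equally classic. The following is an added illustration, not RARLAB's report generator: the report layout, the sample member names and the helper names are all assumptions made for this example, with the weak form and the corrected form side by side.

```python
from __future__ import annotations

import html

# Constructed member names as they might appear in an archive listing. The
# second one carries markup to show what an unescaped name does to the report.
SAMPLE_NAMES = [
    "docs/readme.txt",
    '<img src=x onerror="alert(document.cookie)">.txt',
]


def report_unescaped(names: list[str]) -> str:
    """The weak form: file names are pasted straight into the HTML."""
    rows = "".join(f"<tr><td>{name}</td></tr>\n" for name in names)
    return f"<table>\n{rows}</table>\n"


def report_escaped(names: list[str]) -> str:
    """The corrected form: every name is HTML-escaped before it is emitted."""
    rows = "".join(
        f"<tr><td>{html.escape(name, quote=True)}</td></tr>\n" for name in names
    )
    return f"<table>\n{rows}</table>\n"


def contains_live_markup(report: str) -> bool:
    """Crude check for the demo: does an '<img' tag survive in the output?"""
    return "<img" in report


if __name__ == "__main__":
    print(report_unescaped(SAMPLE_NAMES))
    print(report_escaped(SAMPLE_NAMES))
```

Escaping with `quote=True` matters because the name may also end up inside an attribute, where an unescaped double quote lets an attacker break out of the attribute value even if angle brackets were handled.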
In addition to the security fixes, WinRAR 7.12 now tests recovery volumes during archive testing, giving users better confirmation that their backup files are intact. It also preserves nanosecond-precision timestamps when modifying Unix files on Windows.