- WinRAR flaw let crafted archives drop files outside the target folder, including into Windows Startup
- New version 7.12 addresses critical path and HTML flaws
- Windows users urged to update WinRAR for improved file security
The iconic file archiving tool WinRAR has received a security update that addresses a serious flaw that could allow attackers to run arbitrary code on affected systems.
The vulnerability, tracked as CVE-2025-6218, was identified in the way WinRAR handles file paths within archives.
It was discovered by a researcher known as whs3-detonator, who worked with Trend Micro's Zero Day Initiative.
Patch now
The issue is found in Windows versions of WinRAR, where a specially crafted archive can exploit path traversal during file extraction.
If a user opens such a file or visits a malicious site, exploitation may allow files to be placed in unintended folders, including sensitive ones such as the Windows Startup folder.
This can cause malicious software to run automatically when the system starts.
RARLAB, the developer of WinRAR, has released version 7.12 to fix this flaw.
The vulnerability does not affect versions of RAR or UnRAR for Unix or Android. Users are encouraged to update as soon as possible to reduce the risk of exploitation.
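The path problem described above comes down to an entry name resolving outside the folder the user chose. The following added example (not code from the article or from RARLAB, and not a reproduction of the WinRAR 7.12 fix) shows a general containment check a defender could run over the entry names of an archive before extraction, using Windows path rules. The destination folder, the entry names and all function names are constructed for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

# Constructed sample values (assumptions, not taken from the article).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "sub/../notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\item.txt",
    r"C:\Windows\Temp\item.txt",
    r"..\out-other\item.txt",
]
# Raw strings cannot end in a backslash, so the separator is appended.
STARTUP_MARKER = r"\start menu\programs\startup" + "\\"


def resolve_entry(dest, entry):
    """Absolute Windows path an entry name would be written to under dest."""
    # Windows accepts both separators; an absolute entry replaces dest in join().
    return ntpath.normpath(ntpath.join(dest, entry.replace("/", "\\")))


def is_contained(dest, entry):
    """True only if the resolved path stays strictly below dest."""
    root = ntpath.normcase(ntpath.normpath(dest)).rstrip("\\") + "\\"
    # Comparing against root + separator rejects siblings such as 'out-other'.
    return ntpath.normcase(resolve_entry(dest, entry)).startswith(root)


def audit(dest, entries):
    """Return (entry, resolved_path, hits_startup) for every escaping entry."""
    findings = []
    for name in entries:
        if not is_contained(dest, name):
            target = resolve_entry(dest, name)
            findings.append((name, target, STARTUP_MARKER in target.lower()))
    return findings


if __name__ == "__main__":
    for name, target, startup in audit(DEST, SAMPLE_ENTRIES):
        tag = "STARTUP" if startup else "outside"
        print(f"[{tag}] {name!r} -> {target}")
```

Entries that only use `..` internally, such as `sub/../notes.txt`, still resolve inside the destination and are not flagged.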
To remain protected from threats like this, it is important to use the best antivirus software, reliable tools for removing malware and strong endpoint protection. Even well-known tools may have flaws, so running trusted security software and keeping all apps up to date helps reduce the risk of malware slipping through unnoticed.
The new WinRAR update also fixes an unrelated problem involving the “Generate Report” feature. In older versions, file names in generated HTML reports were not sanitized correctly, which enabled basic HTML injection. It has now been fixed.
In addition to the security fixes, WinRAR 7.12 now tests recovery volumes during archive tests, giving users better confirmation that backup files are intact. It also preserves nanosecond-precision timestamps when you modify Unix files on Windows.



