WinRAR, one of the most widely used compression tools on Windows systems, is facing a serious security threat. A recently discovered high-severity vulnerability in the popular software allows cybercriminals to execute malicious code on affected machines. The flaw has been rated 7.8 out of 10 on the CVSS v3.1 severity scale, placing it in the high-risk category.
Although many similar applications exist, WinRAR has become an essential tool for millions of users worldwide. Its widespread use also makes it a frequent target for cyberattacks. As a result, its developers work diligently to release regular updates and security patches. This time, RARLAB has addressed one of the most severe flaws ever detected with the release of WinRAR 7.12, published on June 25, 2025.
The vulnerability, listed under the identifier CVE-2025-6218, was reported by Trend Micro’s Zero Day Initiative and discovered by researcher “whs3-detonator.” It allows attackers to manipulate file extraction paths, tricking the software into placing malicious files in folders other than the one the user chose. Because those files land where the user does not expect them, they are harder to notice, which increases the risk.
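As an added example (not RARLAB's code and not taken from the advisory), the following Python check lists archive entries whose stored names would resolve outside the extraction folder under Windows path rules. It reads a ZIP container only because Python's standard library has no RAR reader; the function names and the sample entries are constructed for illustration.

```python
import io
import ntpath
import zipfile


def escapes_destination(entry_name: str) -> bool:
    """True if this entry name could resolve outside the extraction folder on Windows."""
    # Windows accepts both separators, whatever the archive format stores.
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Drive-qualified, UNC and rooted names ignore the chosen folder entirely.
    if drive or rest.startswith("\\"):
        return True
    depth = 0  # how many levels below the extraction folder we currently are
    for comp in rest.split("\\"):
        comp = comp.rstrip(" ")  # conservative policy (assumption): judge "name " as "name"
        if comp in ("", "."):
            continue
        if len(comp) >= 2 and set(comp) == {"."}:
            depth -= 1  # ".." (or a longer run of dots) is treated as climbing one level
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def audit_zip(archive) -> list[str]:
    """Return the entry names in a ZIP (path or file object) that would escape the folder."""
    with zipfile.ZipFile(archive) as zf:
        return [n for n in zf.namelist() if escapes_destination(n)]


def build_sample() -> io.BytesIO:
    """Constructed in-memory sample: two benign entries and three that escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("docs/readme.txt", "docs/a/../b.txt",
                     "../outside.txt", "docs/../../outside2.txt",
                     "C:/Temp/outside3.txt"):
            zf.writestr(name, b"constructed sample data")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name in audit_zip(build_sample()):
        print("would escape extraction folder:", name)
```

A listing like this only helps triage archives from unknown sources before they are opened; updating to WinRAR 7.12 remains the fix.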
While exploiting this flaw requires some user interaction—such as opening a malicious file or visiting a compromised webpage—these scenarios are not uncommon. Downloading compressed content from unverified sources or being redirected through shady websites can easily lead to such exposures.
Unlike other, less critical issues such as high resource consumption, this vulnerability poses a direct threat to user safety by potentially enabling remote code execution without the user’s consent.
To check whether your version of WinRAR is vulnerable, open the program, go to the “Help” menu, and select “About WinRAR…”. If your version is older than 7.12, it is highly recommended that you update immediately to prevent attackers from exploiting this flaw—especially if you often decompress files from unknown sources.
RARLAB strongly urges all users to install the latest version as soon as possible to eliminate this dangerous security gap.