High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations.

The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised to upgrade to it as soon as possible. (The beta version is expected to be replaced by the final 7.12 release soon.)

About CVE-2025-6218

WinRAR is a popular file archiver utility for Windows that’s used to create and view archives files (in RAR or ZIP file formats) and to “unpack” archive file in other formats and executable files containing those archive formats.

Discovered and privately reported via the Trend Micro Zero Day Initiative by a researcher that goes by “whs3-detonator”, CVE-2025-6218 exists within the handling of file paths within archive files.

“A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user,” the ZDI advisory explains.

“User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.”

CVE-2025-6218 affects:

• WinRAR v7.11 (and earlier)
• Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll

“Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected,” RARLAB says.

WinRAR users are regularly targeted

Due to its vast user base – WinRAR is used by 500+ million users worldwide – vulnerabilities in this software are often exploited by various threat actors.

Since WinRAR doesn’t have an automatic update feature, WinRAR users must download and install the latest available version manually.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!