June 25, 2025 By Bill Toulas
WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive.
The flaw tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator who reported it through Zero Day Initiative on June 5, 2025.
It affects only the Windows version of WinRAR, from version 7.11 and older, and a fix was released in WinRAR version 7.12 beta 1, which was made available yesterday.
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," read the changelog notes.
