If you use WinRAR, it’s time to update. The file-archiving utility has patched a serious vulnerability that can be exploited to launch malware from a booby-trapped RAR file.
After a user reported the threat earlier this month to antivirus provider Trend Micro, WinRAR released version 7.12 today, which fixes the bug.
The problem affects earlier Windows versions of WinRAR, which has over 500 million users worldwide. In the release notes, WinRAR says: “A specially crafted archive containing arbitrary code could be used to manipulate file paths during extraction. User interaction is required to exploit this vulnerability, which could cause files to be written outside the intended directory.
“This flaw could be exploited to place files in sensitive locations — such as the Windows Startup folder — potentially leading to unintended code execution on the next system login,” the release notes added.
The danger could appear if a booby-trapped RAR file is circulated to unsuspecting users, whether through a file download or a torrent. The vulnerability, dubbed CVE-2025-6218, has been given a 7.8 score, indicating it is a “high” severity threat.
It’s unclear if hackers ever exploited the flaw. But a mysterious user named “whs3-detonator” discovered and reported the threat through Trend Micro’s Zero Day Initiative, which focuses on rewarding security researchers who disclose previously unknown software vulnerabilities.
Unfortunately, WinRAR doesn’t have an auto-update feature. So users will need to manually download and install the new version to get the patch. Otherwise, their PCs will remain at risk.
“This issue affects only Windows-based builds,” the WinRAR team added. “Versions of RAR and UnRAR for Unix, the portable source code on Unix, and RAR for Android are not affected.”
About Michael Kan
Senior Reporter
