WinRAR remains one of the most widely used archive utilities, and many people have run it for years or even decades. However, a new advisory from Trend Micro's Zero Day Initiative (ZDI) confirms that the app has a significant security vulnerability.

According to the advisory, CVE-2025-6218 carries a "high" severity rating of 7.8 on the Common Vulnerability Scoring System (CVSS), because it allows "remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR" due to how file paths stored inside an archive are handled. User interaction is required: the victim has to open a malicious archive. A crafted file path inside it can "cause the process to traverse to unintended directories," so extracted files land outside the folder the user chose.
That opens the door to writing or overwriting files anywhere the user's account has access, including application and system files, which can corrupt data or break an installation, and in the worst case leads to code execution. According to RARLAB, a crafted archive can drop files into the Windows Startup folder, "potentially leading to unintended code execution on the next system login."
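The bug class in practice, as an added illustration that is not WinRAR's code or RARLAB's fix: a naive extractor that trusts the path stored in the archive beside a hardened one that rejects it. The archive listing, the user name "bob" and the .bat payload are constructed for the example; the per-user Startup folder path the traversal entry targets is the real Windows location. No real archive format is parsed, so the script runs anywhere.

```python
"""Directory traversal during archive extraction: vulnerable vs. hardened.

Added example, not code from WinRAR or RARLAB.  The archive entries below are
constructed; nothing here reads a real RAR file.
"""
import os
import tempfile

# Constructed sample listing, with names written the way a Windows archiver
# would store them.  The last entry is the traversal: from
# C:\Users\bob\Downloads\out, two "..\" hops reach C:\Users\bob and the rest
# lands in the per-user Startup folder, which Windows runs on every login.
STARTUP_TRAVERSAL = (
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.bat"
)
SAMPLE_ENTRIES = [
    ("readme.txt", b"hello\r\n"),
    ("docs\\notes.txt", b"notes\r\n"),
    (STARTUP_TRAVERSAL, b"@echo off\r\ncalc.exe\r\n"),
]


def naive_target(dest, name):
    """Vulnerable pattern: trust the stored name and join it onto the
    destination.  normpath happily collapses the ".." hops."""
    return os.path.normpath(os.path.join(dest, name.replace("\\", "/")))


def safe_relative_path(name):
    """Normalize an entry name to a relative path that cannot leave the
    extraction directory.  Returns None for anything that would escape:
    absolute paths, drive letters, UNC paths, or ".." climbing above the
    root.  Separators are handled by hand so the check behaves the same on
    any host OS."""
    p = name.replace("\\", "/")
    if p.startswith("/") or (len(p) > 1 and p[1] == ":"):
        return None
    parts = []
    for comp in p.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                return None
            parts.pop()
        else:
            parts.append(comp)
    return "/".join(parts) if parts else None


def hardened_target(dest, name):
    """Safe pattern: lexical check first, then confirm the resolved absolute
    path still lies under the destination (catches what the lexical check
    did not anticipate, e.g. a symlinked directory component)."""
    rel = safe_relative_path(name)
    if rel is None:
        raise ValueError(f"refusing traversal entry: {name!r}")
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, *rel.split("/")))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError(f"resolved outside destination: {name!r}")
    return target


def extract(entries, dest, hardened=True):
    """Write the entries under dest; returns (written_paths, rejected_names)."""
    written, rejected = [], []
    for name, data in entries:
        try:
            target = hardened_target(dest, name) if hardened else naive_target(dest, name)
        except ValueError:
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        written.append(target)
    return written, rejected


def run_demo():
    """Run both extractors into a throwaway tree shaped like a Windows user
    profile and report where the files ended up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        dest = os.path.join(root, "Users", "bob", "Downloads", "out")
        os.makedirs(dest)
        naive_written, _ = extract(SAMPLE_ENTRIES, dest, hardened=False)
        escaped = [os.path.relpath(p, root) for p in naive_written
                   if os.path.commonpath([dest, p]) != dest]
        hard_written, rejected = extract(SAMPLE_ENTRIES, dest, hardened=True)
        return {
            "naive_escaped": escaped,
            "hardened_written": [os.path.relpath(p, dest) for p in hard_written],
            "hardened_rejected": rejected,
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The naive extractor writes update.bat under Users/bob/AppData/.../Startup, two levels above the folder the user picked; the hardened one rejects that entry and extracts only the two legitimate files. The two-layer check (lexical rejection of absolute, drive-letter, UNC and climbing ".." names, then a realpath containment test) is the standard fix for this bug class in any archive extractor, whether the format is RAR, ZIP or tar.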
The good news is that, although the issue was only made public about a week ago, RARLAB has already released WinRAR 7.12 Final, which fixes the flaw ZDI titles "RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability."
In the release notes, the company says the flaw affected only the Windows builds of the app and thanks "whs3-detonator, working with Trend Micro's Zero Day Initiative, for responsibly reporting this vulnerability." If you have WinRAR installed on a Windows machine, update to the latest version as soon as possible; WinRAR does not update itself, so the new build has to be downloaded and installed manually.
Vulnerabilities like this turn up fairly often, so it is good to see a developer address the problem quickly and ship a fix within days of disclosure.