bleepingcomputer[.]com/news/security/winrar-patches-bug-letting-malware-launch-from-extracted-archives/
neowin[.]net/software/winrar-712/
WinRAR has addressed a directory traversal vulnerability, tracked as CVE-2025-6218, that under certain circumstances allows malware to be executed after a malicious archive is extracted. The flaw, assigned a CVSS score of 7.8 (high severity), was discovered by security researcher whs3-detonator, who reported it through the Zero Day Initiative on June 5, 2025.
It affects only the Windows version of WinRAR, version 7.11 and older; a fix was released in WinRAR 7.12 beta 1, which was made available yesterday.
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," read the changelog notes.
A malicious archive can contain files with crafted relative paths that trick WinRAR into silently extracting them to sensitive locations, such as system directories or the per-user Startup folder, instead of the directory the user chose.
If those files are malicious, they launch automatically the next time the user logs into Windows, giving the attacker code execution.
Although the programs run with the user's privileges rather than administrative or SYSTEM rights, they can still steal sensitive data such as browser cookies and saved passwords, establish persistence, or provide remote access for further lateral movement.
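The check an extractor has to make to avoid exactly this class of bug is to resolve each entry's final on-disk path and refuse anything that lands outside the user-chosen directory, rather than trusting the stored name. The following is an added illustration, not WinRAR's or RARLAB's code: it uses Python's standard `zipfile` module as a stand-in for the RAR format (the standard library has no RAR reader), the entry names in `SAMPLE_ENTRIES` are constructed for the example, and the traversal sequences shown are generic, not the specific ones used in the CVE-2025-6218 report. The check treats backslashes as separators, rejects absolute and drive-letter paths, and rejects any name that still begins with `..` after normalisation, which covers more cases than the single Startup-folder scenario described above.

```python
import io
import os
import posixpath
import re
import tempfile
import zipfile

# Constructed sample entry names, some benign and some traversing out of the
# extraction directory. Assumption: these are illustrative and are not taken
# from any real CVE-2025-6218 proof-of-concept archive.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/readme.txt",
    "docs/../safe.txt",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.cmd",
    "docs/../../../evil.exe",
    "C:\\Windows\\System32\\payload.dll",
    "/etc/cron.d/job",
]

_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def normalize_entry(name: str) -> str:
    """Map an archive entry name to a normalised POSIX-style relative path.
    Backslashes count as separators because Windows archivers store them."""
    return posixpath.normpath(name.replace("\\", "/"))


def is_safe_entry(name: str) -> bool:
    """True only if writing `name` relative to the destination stays inside it."""
    if not name or "\x00" in name:
        return False
    unified = name.replace("\\", "/")
    # Absolute paths and drive-letter paths ignore the destination entirely.
    if unified.startswith("/") or _DRIVE_RE.match(unified):
        return False
    norm = posixpath.normpath(unified)
    # After normalisation, any leading ".." component escapes the target dir.
    return norm != ".." and not norm.startswith("../")


def build_crafted_zip() -> bytes:
    """Build an in-memory ZIP whose entry names include traversal sequences."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_ENTRIES:
            zf.writestr(name, b"constructed content for " + name.encode())
    return buf.getvalue()


def plan_extraction(archive_bytes: bytes, dest: str):
    """Decide, without touching the disk, where each entry would be written.
    Returns (accepted, rejected): accepted maps entry name -> final path,
    rejected lists the entry names that would have escaped `dest`."""
    accepted, rejected = {}, []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if is_safe_entry(info.filename):
                accepted[info.filename] = posixpath.join(dest, normalize_entry(info.filename))
            else:
                rejected.append(info.filename)
    return accepted, rejected


def safe_extract(archive_bytes: bytes, dest: str) -> list:
    """Extract only the entries that stay under `dest`; return rejected names."""
    accepted, rejected = plan_extraction(archive_bytes, dest)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name, target in accepted.items():
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(name))
    return rejected


if __name__ == "__main__":
    out_dir = tempfile.mkdtemp(prefix="safe-extract-")
    skipped = safe_extract(build_crafted_zip(), out_dir)
    print("extracted into", out_dir)
    for name in skipped:
        print("refused:", name)
```

Running the script extracts the three benign entries into a temporary directory and prints the four refused names. Note that `docs/../safe.txt` is accepted, since after normalisation it still resolves inside the destination; the decision is made on the resolved path, not on the presence of `..` in the raw name, which is what lets a correct check reject `docs/../../../evil.exe` while not breaking archives that legitimately contain such sequences.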