- A WinRAR flaw let crafted archives drop files outside the destination folder, including the Windows Startup folder
- The new version 7.12 addresses the critical path traversal and HTML injection vulnerabilities
- Windows users are urged to update WinRAR to stay protected
The WinRAR file archiving tool has received a security update that addresses a serious flaw which could allow attackers to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2025-6218, was identified in the way WinRAR handles file paths inside archives.
It was discovered by a researcher known as whs3-detonator, working with Trend Micro's Zero Day Initiative.
Patch now
The problem exists in the Windows versions of WinRAR, where a specially crafted archive can exploit path traversal during file extraction.
If a user opens such an archive or visits a malicious site, the exploit may allow files to be placed in unintended directories, including sensitive ones such as the Windows Startup folder.
This could cause malware to run automatically when the system starts.
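As an added example (not WinRAR's or RARLAB's code), the check below shows the defensive logic an extractor needs against this bug class: it normalizes each entry name, treating both slash styles as separators, rejects absolute and drive-qualified names and any name that still begins with `..` after normalization, and re-verifies that the resolved target stays under the destination. The entry names and destination path are constructed for the demonstration.

```python
# Added example (not WinRAR's or RARLAB's code): a defensive check for the bug
# class behind CVE-2025-6218, archive entry names that escape the extraction
# directory. Entry names and destination below are constructed.
import posixpath
import re
from typing import List, Optional, Tuple

# A drive letter ("C:") makes an entry name absolute on Windows.
_WIN_DRIVE = re.compile(r"^[A-Za-z]:")


def normalize_entry(name: str) -> str:
    """Map an archive entry name to a forward-slash form with '.' and '..'
    segments collapsed, so Windows and Unix style names are compared alike."""
    return posixpath.normpath(name.replace("\\", "/"))


def is_safe_entry(name: str) -> bool:
    """True if extracting `name` under the destination cannot leave it."""
    if not name or "\x00" in name:
        return False
    if name.startswith(("/", "\\")) or _WIN_DRIVE.match(name):
        return False  # absolute or drive-qualified path
    norm = normalize_entry(name)
    # After normalization, any leading '..' segment means traversal.
    return norm != ".." and not norm.startswith("../")


def safe_target(dest: str, name: str) -> Optional[str]:
    """Return the resolved extraction path, or None if the entry is unsafe."""
    if not is_safe_entry(name):
        return None
    dest_norm = posixpath.normpath(dest.replace("\\", "/"))
    target = posixpath.normpath(posixpath.join(dest_norm, normalize_entry(name)))
    # Belt and braces: the resolved path must still sit under the destination.
    if target != dest_norm and not target.startswith(dest_norm.rstrip("/") + "/"):
        return None
    return target


def audit_entries(dest: str, names: List[str]) -> Tuple[List[str], List[str]]:
    """Partition entry names into (accepted, rejected) before extracting."""
    accepted: List[str] = []
    rejected: List[str] = []
    for name in names:
        (accepted if safe_target(dest, name) else rejected).append(name)
    return accepted, rejected


# Constructed entry names, as an extractor would read them from the archive
# directory. The traversal ones have the shape the advisory describes.
SAMPLE_ENTRIES = [
    "report/readme.txt",
    "report/./summary.pdf",
    "images/../cover.png",
    "../../autorun.exe",
    "..\\..\\Start Menu\\Programs\\Startup\\autorun.exe",
    "C:\\Windows\\Temp\\x.dll",
    "/etc/cron.d/job",
]

if __name__ == "__main__":
    ok, bad = audit_entries("C:/Users/alice/Downloads/report", SAMPLE_ENTRIES)
    print("accepted:", ok)
    print("rejected:", bad)
```

The second check in `safe_target` is deliberately redundant with `is_safe_entry`: a name that passes the syntactic filter but still resolves outside the destination (for example because of an unusual destination string) is rejected by the prefix comparison, which is the property an extractor actually cares about.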
RARLAB, the developer of WinRAR, has released version 7.12 to address this flaw.
The vulnerability does not affect RAR or UnRAR versions for Unix or Android. Users are urged to update as soon as possible to reduce the risk of exploitation.
To stay protected from threats such as this, it is important to use the best antivirus software, reliable malware removal tools and strong endpoint protection. Even well-known tools can have flaws, so running trusted security software and keeping all applications up to date helps reduce the risk of a compromise going unnoticed.
The new WinRAR update also fixes an unrelated issue involving the "Generate report" function. In previous versions, file names in the generated HTML reports were not properly sanitized, which allowed basic HTML injection. That has now been corrected.
In addition to the security fixes, WinRAR 7.12 now tests recovery volumes during archive testing, giving users better confirmation that backup files are intact. It also preserves precise nanosecond timestamps when modifying Unix files on Windows.