Critical Bug in WinRAR Threatens Millions of Windows Users



One of the world’s most widely used file archiving programs, WinRAR, has been found to have a serious security flaw. The flaw poses a danger to millions of Windows users. When exploited, it allows hackers to insert malware that runs with each computer boot-up.

Critical WinRAR Security Flaw Hits Millions of Windows Users

The flaw is tracked as CVE-2025-6218. It stems from how WinRAR extracts archive files: the program fails to properly validate file paths during extraction. As a result, a malicious archive can place its contents in restricted directories, that is, directories to which users or programs do not necessarily have unfettered access.

The bad news? Attackers can use the vulnerability to drop programs into directories from which Windows runs programs automatically at boot-up. Once malware is installed there, it runs on every boot of the system, giving attackers persistent access to an exploited machine.
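The path check described above can be run over an archive's entry names before anything is written to disk. The following is an added example, not code from the article or from RARLAB: it shows a general destination-containment check using Windows path rules, and the function names, the Startup-folder suffix and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: suffix of the per-user Startup folder, used only to label findings.
STARTUP_SUFFIX = r"\start menu\programs\startup"

def resolve_entry(dest_dir, entry_name):
    """Absolute Windows path an archive entry would be written to."""
    name = entry_name.replace("/", "\\")
    # ntpath.join discards dest_dir if name is absolute or carries a drive.
    return ntpath.normpath(ntpath.join(dest_dir, name))

def is_inside(dest_dir, target):
    """True only if target is dest_dir itself or lies beneath it."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    tgt = ntpath.normcase(target)
    # Compare with a trailing separator so "out-evil" is not taken for "out".
    return tgt == dest or tgt.startswith(dest + "\\")

def audit_entries(dest_dir, entry_names):
    """Return (entry, resolved_path, reason) for entries that must be rejected."""
    findings = []
    for name in entry_names:
        target = resolve_entry(dest_dir, name)
        if is_inside(dest_dir, target):
            continue
        reason = "escapes destination"
        if STARTUP_SUFFIX in ntpath.normcase(target):
            reason += ", lands in Startup folder"
        findings.append((name, target, reason))
    return findings

# Constructed sample input, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "sub/../notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
    r"C:\Windows\Temp\x.dll",
    r"..\out-evil\a.txt",
]

if __name__ == "__main__":
    for entry, path, reason in audit_entries(DEST, SAMPLE_ENTRIES):
        print(f"REJECT {entry!r} -> {path} ({reason})")
```

An extractor or a mail-gateway scanner would call `audit_entries` with the names read from the archive listing and refuse to extract if it returns anything.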

Malware Risk Discovered in WinRAR: Update Now

An outside researcher from Trend Micro’s Zero Day Initiative discovered the flaw. The bug affects only Windows users. macOS, Linux, and Android-based platforms remain unaffected.

In response, RARLAB, the maker of WinRAR, moved quickly and released version 7.12 of the utility to address the problem. The patch addresses the extraction vulnerability and also fixes another bug that deals with HTML injection in report files.

Users are urged to upgrade WinRAR to version 7.12 immediately. Otherwise, their systems can remain exposed to undetected malware infections. Updating is simple and fast and could prevent serious damage.

This incident is a reminder of how important it is to update your software. Even the best programs can be vulnerable to fatal bugs. Always keep your software updated and do not open archive files from strangers.

To check your version of WinRAR, open the program and go to the “Help” menu and select “About WinRAR.” If you are using anything below version 7.12, download the latest version from the RARLAB website.

Secure your computer today. A quick update could make the difference. If you use the program on your Windows device, update it now!
