How do attackers exploit the WinRAR path traversal vulnerability?

To exploit this flaw, the target must visit a malicious webpage or open a specially crafted archive file. This is usually achieved through social engineering, phishing campaigns, or offering 'free' pirated software for download that contains malicious archives.

Which versions of WinRAR are affected by CVE-2025-6218?

The vulnerability affects all Windows versions of WinRAR prior to version 7.12 Beta 1. This includes all Windows iterations of WinRAR before version 7.12b1, Windows versions of RAR, UnRAR, and portable UnRAR source code, and the UnRAR.dll library for Windows.

What platforms are NOT affected by this WinRAR vulnerability?

The vulnerability does not affect Unix versions of RAR, UnRAR, portable UnRAR source code, UnRAR library, or RAR for Android. Only Windows-based versions of the software are vulnerable to this specific flaw.

What is the fixed version for CVE-2025-6218?

RARLAB has patched the vulnerability in WinRAR version 7.12 Beta 1 and later. Users should update to this version or newer to protect against the path traversal attack.

What can attackers achieve by exploiting this WinRAR vulnerability?

Attackers can execute malicious code in the context of the affected user by redirecting file extraction to unintended directories. This could lead to malware installation, system compromise, data theft, or other malicious activities with the same privileges as the user running WinRAR.

What social engineering tactics are used to exploit CVE-2025-6218?

Common tactics include phishing emails with malicious archive attachments, websites offering 'free' pirated software downloads that contain crafted archives, and social engineering campaigns that trick users into downloading and opening specially crafted archive files.

How serious is the CVE-2025-6218 vulnerability?

With a CVSS score of 7.8, this is considered a high-severity vulnerability. While it requires user interaction to exploit, the widespread use of WinRAR and the potential for code execution make it a significant security concern that should be addressed promptly.

What should WinRAR users do about this vulnerability?

Users should immediately update to WinRAR version 7.12 Beta 1 or later to patch the vulnerability. Additionally, users should be cautious when opening archive files from untrusted sources, avoid downloading software from suspicious websites, and maintain updated antivirus protection.

Why are path traversal vulnerabilities particularly dangerous in archive software?

Path traversal vulnerabilities in archive software are dangerous because they can allow attackers to write files to arbitrary locations on the system, potentially overwriting critical system files, placing malware in startup directories, or compromising security-sensitive locations. This bypasses the user's expectation that files will be extracted to a safe, intended location.

Is this the first security issue discovered in WinRAR?

No, WinRAR has had several security vulnerabilities discovered over the years, including previous path traversal and code execution flaws. This highlights the importance of keeping archive software updated and being cautious when handling files from untrusted sources, as archive software is a frequent target for attackers due to its widespread use.

Advisory

Directory traversal flaw in WinRAR enables remote code execution

Q: What is CVE-2025-6218?

CVE-2025-6218 (CVSS score 7.8) is a security vulnerability in WinRAR that allows attackers to execute malicious code by exploiting the software's file extraction path handling mechanism. RARLAB has patched this vulnerability in the latest version.

Q: How does the CVE-2025-6218 vulnerability work?

The vulnerability is caused by improper handling of file extraction paths within archive files. When extracting files, WinRAR can be manipulated to use a path specified within a specially crafted archive instead of the user-specified path, allowing attackers to redirect the extraction process to unintended directories and execute malicious code.

published: June 23, 2025

Take action: If you use WinRAR on Windows, be very cautious of unexpected RAR attachments and never download files from pirated or untrusted sources. Check for the next stable release of WinRAR and update when it's released.

Learn More

RARLAB has patched a security vulnerability in WinRAR, that allows attackers to execute malicious code by exploiting the software's file extraction path handling mechanism. T

The vulnerability is tracked as CVE-2025-6218 (CVSS score 7.8) and is caused by improper handling of file extraction paths within archive files. When extracting files, WinRAR can be manipulated to use a path specified within a specially crafted archive instead of the user-specified path. It allows attackers to redirect the extraction process to unintended directories, executing maliciosu code in the context of the affected user.

To exploit this flaw, the target must visit a malicious webpage or open a specially crafted archive file. This is usuall achieved through social engineering, phishing or offering "free" pirated software for download.

The vulnerability affects all Windows versions of WinRAR prior to version 7.12 Beta 1

All Windows iterations of WinRAR before version 7.12b1
Windows versions of RAR, UnRAR, and portable UnRAR source code
UnRAR.dll library for Windows

The vulnerability does not affect Unix versions of RAR, UnRAR, portable UnRAR source code, UnRAR library, or RAR for Android. Us

Directory traversal flaw in WinRAR enables remote code execution

Read More
Apple issues (second) emergency fix for vulnerabilities exploited …
Google Patches Zero-Interaction DoS Vulnerability in April 2026 …
FreeBSD reports critical vulnerability in the kernel
Google releases Chrome 143 security update patching 13 …
Multiple security vulnerabilities reported in Zoom Workplace applications