Update WinRAR now! This security flaw leaves your PC exposed to malware

If you’re still using WinRAR, you should update to version 7.12 as soon as possible. A vulnerability labeled CVE-2025-6218 was recently discovered in older versions of the popular Windows file compression tool.
The security vulnerability in question can reportedly be exploited by hackers to bypass the app’s built-in security features, increasing the risk of malware execution, reports BleepingComputer.
The issue was first reported on June 5th, 2025 through the Zero Day Initiative, and WinRAR released a fix for it with version 7.12 beta 1 on June 24th, 2025. The release also addresses two other minor issues.
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path,” writes WinRAR in its changelog. In other words, files could be secretly extracted to system directories and other sensitive locations, allowing hackers to execute malicious files in unwanted places.
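The changelog describes entry paths stored in the archive overriding the folder the user picked. As an added illustration (not code from WinRAR or from this article, and not WinRAR's fix), the Python sketch below shows a generic check an extraction tool can run before writing anything: resolve each stored entry path against the chosen folder and refuse any that lands outside it. The function name, destination folder and entry names are constructed for the example.

```python
import ntpath  # Windows path rules, usable on any OS


def unsafe_entries(entry_names, dest):
    """Return the entry names that would be written outside dest."""
    dest_norm = ntpath.normcase(ntpath.normpath(dest))
    flagged = []
    for name in entry_names:
        win_name = name.replace("/", "\\")
        drive, _ = ntpath.splitdrive(win_name)
        # Drive-qualified, UNC or rooted names ignore the chosen folder.
        if drive or win_name.startswith("\\"):
            flagged.append(name)
            continue
        target = ntpath.normcase(
            ntpath.normpath(ntpath.join(dest_norm, win_name)))
        # Compare whole path components; a plain string-prefix test would
        # accept a sibling folder such as "out2" for destination "out".
        try:
            inside = ntpath.commonpath([dest_norm, target]) == dest_norm
        except ValueError:
            inside = False
        if not inside:
            flagged.append(name)
    return flagged


# Constructed sample data: a destination folder and stored entry paths.
DEST = "C:\\Users\\alice\\Downloads\\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",          # stays inside
    "docs/../notes.txt",        # ".." that still resolves inside
    "..\\..\\outside.txt",      # climbs above the destination
    "docs/../../escape.txt",    # climbs out through a subfolder
    "..\\out2\\file.txt",       # sibling folder sharing the "out" prefix
    "C:\\Temp\\tool.exe",       # absolute path with a drive letter
]

if __name__ == "__main__":
    for entry in unsafe_entries(SAMPLE_ENTRIES, DEST):
        print("refuse to extract:", entry)
```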
Though there are no known instances of this vulnerability being exploited in the wild, you should update WinRAR immediately to stay safe.
This article originally appeared on our sister publication PC för Alla and was translated and localized from Swedish.