WinRAR Patches Directory Traversal Flaw Allowing Silent Malware Installation

Jun 26, 2025 | News


WinRAR Fixes High-Severity Directory Traversal Vulnerability (CVE-2025-6218)

WinRAR has released a critical security update addressing a directory traversal vulnerability (CVE-2025-6218) that could allow malware to execute after users extract malicious archives.

Discovered by security researcher whs3-detonator and reported through Trend Micro’s Zero Day Initiative on June 5, 2025, the flaw affects WinRAR for Windows version 7.11 and earlier. The vendor released a fix in WinRAR 7.12 beta 1, available as of yesterday.

The Vulnerability

CVE-2025-6218, assigned a CVSS score of 7.8 (high severity), allows an attacker to craft a malicious archive containing files with manipulated relative paths. When extracted, WinRAR could be tricked into:

  • Ignoring the user-specified extraction path
  • Silently writing files to sensitive locations (e.g., Windows startup folders or system directories)

Such files could execute the next time a user logs in, enabling:

  • Data theft (browser cookies, saved passwords)
  • Persistence installation
  • Initial footholds for further attacks

Importantly, although the dropped code runs only with the privileges of the user who extracted the archive, it still poses a significant risk.
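To illustrate the check an extractor (or a scanner reading an archive listing) has to make before writing anything to disk, here is a small Python routine, added for this article and not WinRAR's own code, that applies Windows path rules to each archive member name and refuses any entry that would land outside the user-chosen destination. The destination directory and the member names are constructed samples; `resolve_member`, `rejected_members` and `samples_match_expectations` are names chosen for this example.

```python
import ntpath
from typing import Optional

# Constructed sample archive listing (not taken from a real archive), paired
# with the verdict a safe extractor should reach for each entry.
SAMPLE_MEMBERS = [
    ("docs/readme.txt", True),
    ("images\\logo.png", True),             # backslash separator is fine
    ("normal/../ok.txt", True),             # collapses to ok.txt, still inside
    ("..\\..\\escape.exe", False),          # classic dot-dot traversal
    ("sub/../../escape.txt", False),        # traversal hidden behind a subdir
    ("C:\\Users\\Public\\run.exe", False),  # absolute path with drive letter
    ("\\\\server\\share\\x.exe", False),    # UNC path
    ("/etc/passwd", False),                 # rooted path without a drive
    ("", False),                            # empty name
]


def resolve_member(dest_dir: str, member: str) -> Optional[str]:
    """Return the on-disk path `member` would be written to under `dest_dir`,
    or None when the entry would escape `dest_dir`.

    ntpath is used explicitly so Windows rules (both separators, drive
    letters, UNC prefixes) apply even when this script runs on another OS.
    `dest_dir` is assumed to be an absolute Windows path.
    """
    if not member:
        return None
    # An archive entry must be relative: anything carrying a drive letter,
    # a UNC prefix, or a leading separator is rejected outright.
    drive, rest = ntpath.splitdrive(member)
    if drive or rest.startswith(("\\", "/")):
        return None
    dest = ntpath.normpath(dest_dir)
    # normpath collapses "a/../b" to "b" and "sub/../../x" to "..\\x", so the
    # joined, normalised path shows where the entry really lands.
    full = ntpath.normpath(ntpath.join(dest, rest))
    try:
        inside = ntpath.commonpath([dest, full]) == dest
    except ValueError:
        # commonpath refuses to compare paths on different drives
        inside = False
    return full if inside else None


def rejected_members(dest_dir: str, members) -> list:
    """Names from `members` that a safe extractor must refuse to write."""
    return [m for m in members if resolve_member(dest_dir, m) is None]


def samples_match_expectations(dest_dir: str = "C:\\Users\\alice\\extract") -> bool:
    """True when every constructed sample gets the verdict listed beside it."""
    return all(
        (resolve_member(dest_dir, name) is not None) == expected
        for name, expected in SAMPLE_MEMBERS
    )


if __name__ == "__main__":
    dest = "C:\\Users\\alice\\extract"
    for name, _ in SAMPLE_MEMBERS:
        target = resolve_member(dest, name)
        print(f"{name!r:32} -> {'REJECT' if target is None else target}")
```

The important design point is that the decision is made on the normalised, joined path rather than by string-matching for `..`: an entry such as `normal/../ok.txt` is harmless and is accepted, while `sub/../../escape.txt` is refused because its real target is the parent of the destination. Absolute and UNC names are rejected before any joining happens, since `ntpath.join` would otherwise discard the destination entirely.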

“Previous versions of WinRAR could be tricked into using a path defined in a specially crafted archive instead of the user-specified path,” noted the official changelog.


Other Issues Resolved

WinRAR 7.12 beta 1 also addresses:

  • HTML injection (reported by Marcin Bobryk): Malicious file names containing < or > could inject HTML or JavaScript into generated reports, posing a risk if opened in a browser.
  • Minor issues: Fixes for incomplete recovery volume testing and timestamp precision loss for Unix records.

Mitigation and Recommendations

While CVE-2025-6218 requires user interaction (e.g., opening a malicious archive), the risk is compounded by:

  • The popularity of WinRAR
  • The common use of outdated versions
  • The ease of distributing malicious archives via phishing, torrents, or file-sharing platforms



Platforms Affected

  • Impacted: WinRAR on Windows (≤ 7.11)
  • Not impacted: Unix versions, Android builds, portable UnRAR source code (though updates are still recommended for other fixes)


Source: bleepingcomputer.com
