A serious vulnerability discovered by security researchers in the popular archive program WinRAR threatens the computers of millions of users. The flaw, which affects the Windows version, allows malicious software to be planted on the system so that it runs as soon as the computer is turned on. The developer, RARLAB, has released an update that eliminates the security issue.
A security vulnerability has emerged in the WinRAR program
The vulnerability, tracked as CVE-2025-6218, is caused by an error WinRAR makes while extracting archived files: a crafted file path stored in the archive can bypass the program's path check during extraction.

As a result, a maliciously prepared archive can write its contents into folders on the system that extraction should never reach. The possibility of writing into directories that run automatically at system startup makes the threat especially severe: malware placed there runs every time the computer is turned on.
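The defensive check an extractor needs here is to resolve every entry name against the chosen destination and refuse anything that ends up outside it. The following added example is not WinRAR's code; it shows that check in Python using Windows path semantics (`ntpath`) over a constructed archive listing, with the destination folder and entry names being made-up sample values.

```python
import ntpath
from typing import Optional

# Constructed sample archive listing (not from any real archive): one benign
# entry followed by entries that try to escape the extraction directory.
SAMPLE_ENTRIES = [
    "docs\\readme.txt",
    "..\\..\\startup_dir\\payload.exe",
    "docs\\..\\..\\..\\payload.exe",
    "C:\\Windows\\payload.exe",
    "\\payload.exe",
    "\\\\server\\share\\payload.exe",
    "docs/../../payload.exe",
]

def safe_extract_target(dest_dir: str, entry_name: str) -> Optional[str]:
    """Return the absolute Windows path an archive entry may be written to,
    or None if the entry would land outside dest_dir (path traversal).
    dest_dir must be an absolute, drive-qualified Windows path."""
    # Archive formats allow either separator; normalise to the Windows one.
    name = entry_name.replace("/", "\\")
    # Drive-qualified, UNC and rooted entries are never legitimate in an
    # archive meant to be unpacked relative to a user-chosen folder.
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        return None
    dest = ntpath.normpath(dest_dir)
    # normpath collapses "." and ".." so the check sees the real destination.
    target = ntpath.normpath(ntpath.join(dest, name))
    # The entry is only safe if dest is a prefix of the resolved target.
    if ntpath.commonpath([dest, target]) != dest:
        return None
    return target

def triage_entries(dest_dir: str, entries) -> dict:
    """Map each entry to its resolved target, or to None when it must be
    refused; a single refusal is enough to treat the archive as hostile."""
    return {e: safe_extract_target(dest_dir, e) for e in entries}

if __name__ == "__main__":
    dest = "C:\\Users\\victim\\Downloads\\extract"
    for entry, target in triage_entries(dest, SAMPLE_ENTRIES).items():
        print(f"{'OK    ' if target else 'REJECT'} {entry!r} -> {target}")
```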
The flaw was discovered by an independent security researcher working with Trend Micro’s Zero Day Initiative team. It is specific to the Windows operating system; the Unix-based and Android versions are not affected.
RARLAB has released WinRAR version 7.12 in response to the vulnerability. The update fixes this issue and also an HTML injection problem in the HTML reports generated by earlier versions.
Following the release, Windows users are urged to upgrade their current WinRAR installations to version 7.12 as soon as possible. It is stated that this will prevent malware from being written into system folders and running automatically.