

Ethical Hacking News

WinRAR Patches Critical Bug Allowing Malware Execution from Extracted Archives


WinRAR has issued a critical patch for a bug that allows malware to be executed from extracted archives, urging all users to upgrade immediately.

  • WinRAR has addressed a critical bug (CVE-2025-6218) that poses significant security risks to its users.
  • The vulnerability is a directory traversal flaw that malicious users can exploit to extract files into sensitive locations such as system directories and auto-run or startup folders, without requiring administrative rights.
  • Users who continue to utilize old versions of WinRAR or are exposed to malicious archives remain vulnerable despite the fact that user interaction is required for exploitation.
  • A new version, 7.12 beta 1, also includes fixes for an HTML injection vulnerability in report generation and minor issues with recovery volumes and timestamp precision.
  • Users are strongly advised to upgrade to the latest version immediately because of the software's widespread global deployment and a history of hackers targeting it.



    WinRAR, a popular file archiver and extractor widely used across various platforms, has recently addressed a critical bug (CVE-2025-6218) that poses significant security risks to its users. The vulnerability, tracked by the Zero Day Initiative and assigned a CVSS score of 7.8, allows malware to be executed after a malicious archive is extracted with a Windows version of WinRAR, version 7.11 and older.

    Discovery of the bug is credited to security researcher whs3-detonator, who brought it to the attention of the Zero Day Initiative on June 5, 2025. The vulnerability is a directory traversal flaw that malicious users can exploit to extract files into sensitive locations such as system directories and auto-run or startup folders, without requiring administrative rights.

    When an archive with specially crafted relative paths is extracted using previous versions of WinRAR (version 7.11 and older), the software can mistakenly use these paths instead of the user-specified ones, with potentially disastrous consequences. Files containing malicious code could be silently extracted into sensitive locations, where they would execute automatically the next time the user logs in to Windows. This is a significant threat: although the malware would run with user-level access rather than administrative rights, it can still steal sensitive data such as browser cookies and saved passwords, install persistence mechanisms, or provide remote access for further lateral movement.
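The following Python sketch is an added example, not code from the article or from WinRAR: a generic pre-extraction check that resolves each archive entry name against the chosen destination using Windows path rules and flags entries that would land outside it, with a separate verdict for the Startup folder. The function names, sample destination and entry names are assumptions constructed for illustration, and the check does not reproduce the specific WinRAR parsing flaw.

```python
import ntpath

# Path fragment of the per-user Windows Startup folder, lower-cased for matching.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"


def resolve_entry(dest_dir, entry_name):
    """Return the normalised Windows path an entry would be written to."""
    # Archive formats may store either separator; treat both as Windows does.
    name = entry_name.replace("/", "\\")
    # ntpath.join drops dest_dir when name is rooted or on another drive,
    # so such entries resolve outside the destination and get flagged below.
    return ntpath.normcase(ntpath.normpath(ntpath.join(dest_dir, name)))


def classify_entry(dest_dir, entry_name):
    """Classify one entry as 'ok', 'escapes-destination' or 'startup-folder'."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = resolve_entry(dest_dir, entry_name)
    # Compare against dest plus a separator so "out2" is not mistaken for "out".
    if target == dest or target.startswith(dest + "\\"):
        return "ok"
    if STARTUP_FRAGMENT in target:
        return "startup-folder"
    return "escapes-destination"


def audit(dest_dir, entry_names):
    """Return (name, verdict) for every entry that must not be extracted."""
    findings = []
    for name in entry_names:
        verdict = classify_entry(dest_dir, name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


# Constructed sample listing (hypothetical names; not from any real archive).
SAMPLE_DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "sub/../notes.txt",
    "../out2/file.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
    r"D:\tools\helper.dll",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_DEST, SAMPLE_ENTRIES):
        print(f"{verdict:20} {name}")
```

Because it uses `ntpath` rather than `os.path`, the check applies Windows path semantics even when the listing is audited on a non-Windows analysis host.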

    The risk of this vulnerability remains high despite the fact that user interaction is required for its exploitation, such as opening a malicious archive or visiting a specially crafted page. This means that users who continue to utilize old versions of WinRAR or are exposed to malicious archives through various means remain vulnerable.

    In addition to addressing the critical bug (CVE-2025-6218), WinRAR version 7.12 beta 1 also includes fixes for an HTML injection in report generation reported by Marcin Bobryk, where archived file names containing < or > could be injected into the HTML report as raw HTML tags, enabling potential HTML/JS injection if reports are opened in a web browser.

    Furthermore, minor issues such as incomplete testing of recovery volumes and timestamp precision loss for Unix records have been addressed in the latest update. Although CVE-2025-6218 does not affect the Unix versions, Android, or the portable UnRAR source code, all users of WinRAR, regardless of platform, are strongly advised to upgrade to the latest version immediately because of the software's widespread global deployment and a history of hackers targeting it.

    Currently, there are no reported instances of CVE-2025-6218 being exploited. Nevertheless, given the potential severity of this vulnerability and its impact on user safety, users are cautioned to take proactive steps by upgrading to the latest version as soon as possible.






    Related Information:
  • https://www.ethicalhackingnews.com/articles/WinRAR-Patches-Critical-Bug-Allowing-Malware-Execution-from-Extracted-Archives-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/winrar-patches-bug-letting-malware-launch-from-extracted-archives/

  • https://nvd.nist.gov/vuln/detail/CVE-2025-6218

  • https://www.cvedetails.com/cve/CVE-2025-6218/


  • Published: Wed Jun 25 13:27:27 2025 by llama3.2 3B Q4_K_M