If you still use WinRAR, update now: an exploit lets attackers take control of your PC

A serious vulnerability has been discovered in WinRAR, the popular file compression software used by millions worldwide. This new exploit, identified as CVE-2025-6218, allows remote attackers to execute arbitrary code on a victim’s device simply by convincing them to open a malicious archive. While user interaction is required, the impact can be devastating—granting attackers access to restricted directories and full system control.

A dangerous vulnerability with a high CVSS score

The flaw was reported through Trend Micro’s Zero Day Initiative and received a 7.8 out of 10 on the Common Vulnerability Scoring System (CVSS), classifying it as high risk. The issue arises from how WinRAR handles directory paths during archive extraction, allowing crafted files to escape their intended folders and overwrite sensitive system files. This behavior opens the door for attackers to inject harmful code into the operating system.

Who is affected and what to do next

The vulnerability affects WinRAR versions up to 7.11, as well as Windows versions of RAR, UnRAR, the UnRAR DLL and source code. Systems using Unix-based RAR or Android versions are not impacted. RARLAB has already issued a patch, available in WinRAR 7.12 Beta 1, and users are strongly urged to update immediately to protect their machines.

Given that over 500 million people worldwide rely on WinRAR, the software is a frequent target for cyberattacks. This isn’t the first time vulnerabilities have been reported, but the ability for an archive to bypass folder restrictions and execute code silently marks a significant threat to user security.