WinRAR developers have released a fresh version of the archiver and recommended that users install it as soon as possible. Build 7.12 contains a fix for the dangerous vulnerability CVE-2025-6218, which allows attackers to silently run malicious code on a Windows PC.
The vulnerability has a high CVSS score (7.8 points) and is considered a significant security threat. According to the developers, the problem affects all previous versions of the archiver. Using the software “hole”, attackers could potentially control file paths during unpacking to save malware outside the target folder. To carry out a successful attack on the target PC, it was enough to start the process of unpacking the infected archive.
WinRAR 7.12 is already available for free download on the program’s official website. Since the archiver does not support the automatic update function, you must download and install the latest build manually. The versions for Unix, Android, as well as the UnRAR source code, according to company representatives, do not pose a threat to user data.