{"id":339209,"date":"2025-06-25T06:51:22","date_gmt":"2025-06-25T13:51:22","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/en\/?p=339209"},"modified":"2025-07-01T14:18:04","modified_gmt":"2025-07-01T21:18:04","slug":"if-you-still-use-winrar-update-now-an-exploit-lets-attackers-take-control-of-your-pc","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/if-you-still-use-winrar-update-now-an-exploit-lets-attackers-take-control-of-your-pc\/","title":{"rendered":"If you still use WinRAR, update now: an exploit lets attackers take control of your PC"},"content":{"rendered":"\n<p>A&nbsp;<strong>serious vulnerability has been discovered in WinRAR<\/strong>, the popular file compression software used by millions worldwide. This new exploit, identified as CVE-2025-6218, allows remote attackers to execute arbitrary code on a victim\u2019s device simply by convincing them to open a malicious archive. While user interaction is required, the impact can be devastating\u2014<strong>granting attackers access to restricted directories and full system control<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A dangerous vulnerability with a high CVSS score<\/h2>\n\n\n\n<p>The flaw was reported through&nbsp;<strong>Trend Micro\u2019s Zero Day Initiative<\/strong>&nbsp;and received a 7.8 out of 10 on the Common Vulnerability Scoring System (CVSS), classifying it as high risk. The issue arises from how WinRAR handles directory paths during archive extraction,&nbsp;<strong>allowing crafted files to escape their intended folders and overwrite sensitive system files<\/strong>. This behavior opens the door for attackers to inject harmful code into the operating system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Who is affected and what to do next<\/h2>\n\n\n\n<p>The vulnerability affects&nbsp;<strong>WinRAR versions up to 7.11<\/strong>, as well as Windows versions of RAR, UnRAR, the UnRAR DLL and source code. Systems using Unix-based RAR or Android versions are not impacted. RARLAB has already issued a patch, available in&nbsp;<strong>WinRAR 7.12 Beta 1<\/strong>, and users are strongly urged to update immediately to protect their machines.<\/p>\n\n\n\n<p>Given that&nbsp;<strong>over 500 million people worldwide rely on WinRAR<\/strong>, the software is a frequent target for cyberattacks. This isn&#8217;t the first time vulnerabilities have been reported, but the ability for an archive to&nbsp;<strong>bypass folder restrictions and execute code silently<\/strong>&nbsp;marks a significant threat to user security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A&nbsp;serious vulnerability has been discovered in WinRAR, the popular file compression software used by millions worldwide. This new exploit, identified as CVE-2025-6218, allows remote attackers to execute arbitrary code on a victim\u2019s device simply by convincing them to open a malicious archive. While user interaction is required, the impact can be devastating\u2014granting attackers access to &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/if-you-still-use-winrar-update-now-an-exploit-lets-attackers-take-control-of-your-pc\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;If you still use WinRAR, update now: an exploit lets attackers take control of your PC&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9317,"featured_media":339210,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-339209","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/339209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9317"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=339209"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/339209\/revisions"}],"predecessor-version":[{"id":339211,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/339209\/revisions\/339211"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/339210"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=339209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=339209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=339209"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=339209"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=339209"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=339209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}