WinRAR Fixes Flaw Letting Malware Run on Extraction
WinRAR has released a security update to resolve a directory traversal vulnerability identified as CVE-2025-6218. Under specific conditions, the flaw could allow malware to execute automatically after a user extracts a specially crafted archive. This update follows reports that threat actors might exploit the vulnerability to bypass standard file extraction safety measures. The fix ensures that extracted files can no longer escape the designated directory during decompression.
The vulnerability posed a significant risk, especially to users who handle compressed files from untrusted sources. Attackers could embed malicious payloads that run without further user interaction once extraction is complete. The latest patch addresses this issue by tightening controls over file path validation during the extraction process. With this update, WinRAR reinforces its position as a reliable utility in secure file management.
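The kind of path validation described above, as an added example (not WinRAR's code and not from the original article): it audits archive entry names against Windows path rules before anything is written to disk. A ZIP built in memory stands in for a RAR file; check_entry, audit_archive, build_sample and the C:\Extract\job1 destination are assumptions made for the illustration.

```python
import io
import ntpath   # Windows path rules, importable on any OS
import zipfile


def check_entry(dest: str, entry_name: str):
    """Return (target_path, None) if the entry stays under dest, else (None, reason)."""
    name = entry_name.replace("/", "\\")          # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return None, "absolute path, drive letter or UNC prefix"
    # Conservative choice: refuse any parent reference, even space-padded ones.
    if any(part.strip() == ".." for part in rest.split("\\")):
        return None, "parent-directory component"
    # Defence in depth: the normalised target must still sit under dest.
    base = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(base, rest))
    if ntpath.commonpath([base, target]).lower() != base.lower():
        return None, "resolves outside destination"
    return target, None


def audit_archive(data: bytes, dest: str):
    """List (entry_name, reason) for every entry that must not be extracted."""
    rejected = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            _, reason = check_entry(dest, name)
            if reason:
                rejected.append((name, reason))
    return rejected


def build_sample() -> bytes:
    """Constructed test archive: two benign entries, three that try to escape."""
    names = ["docs/readme.txt", "img/logo.png",
             "../../evil.txt", "docs/..\\..\\evil.txt", "C:/Temp/evil.txt"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample(), r"C:\Extract\job1"):
        print(f"REJECT {name!r}: {reason}")
```

Rejecting the whole archive when any entry fails the check is the safer policy than skipping only the offending entries.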
For technical details and further information, read the full article at the official source below.
https://www.bleepingcomputer.com/news/security/winrar-patches-bug-letting-malware-launch-from-extracted-archives/
