This popular Windows software used by millions has a serious security vulnerability - here's what you need to know
@Source: techradar.com
Wayne Williams
1 July 2025
Flaw allows hackers access to system locations, such as the Windows Startup folder
WinRAR flaw let crafted archives drop files outside target folder, including into Windows Startup
New version 7.12 addresses critical path and HTML vulnerabilities
Windows users urged to update WinRAR for improved file safety
Iconic file archiving tool WinRAR has received a security update addressing a serious flaw that could let attackers run arbitrary code on affected systems.
The vulnerability, tracked as CVE-2025-6218, was identified in the way WinRAR handles file paths within archives.
It was discovered by a researcher known as whs3-detonator, working with Trend Micro’s Zero Day Initiative.
The issue exists in Windows versions of WinRAR, where a specially crafted archive can exploit path traversal during file extraction.
If a user opens such a file or visits a malicious site, the exploit can allow files to be placed in unintended directories, including sensitive ones like the Windows Startup folder.
This could cause malicious software to run automatically when the system boots.
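The class of check that guards against this kind of path traversal, shown as an added example (not WinRAR's code, and not a reproduction of the CVE-2025-6218 trigger): each entry name is resolved with Windows path rules and rejected if it lands outside the extraction folder. It uses ZIP from the Python standard library as a stand-in for RAR; `DEST_ROOT`, the function names and the sample entries are hypothetical and constructed for the example.

```python
import io
import ntpath  # Windows path semantics, usable on any OS
import zipfile

# Assumption: lower-cased tail of the per-user Startup folder path.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup"
DEST_ROOT = r"C:\Users\alice\Downloads\out"  # hypothetical extraction folder


def resolve_entry(dest_root, entry_name):
    """Absolute Windows path an entry would be written to if taken literally."""
    name = entry_name.replace("/", "\\")  # archives may use either separator
    # ntpath.join lets a rooted or drive-qualified name override dest_root,
    # which is exactly the case a safe extractor has to reject.
    return ntpath.normpath(ntpath.join(dest_root, name))


def classify_entry(dest_root, entry_name):
    """Return 'ok', 'escapes-root' or 'escapes-to-startup' for one entry."""
    root = ntpath.normcase(ntpath.normpath(dest_root))
    target = ntpath.normcase(resolve_entry(dest_root, entry_name))
    # Compare with a trailing separator so "out" does not match "outside".
    if target == root or target.startswith(root + "\\"):
        return "ok"
    return "escapes-to-startup" if STARTUP_FRAGMENT in target else "escapes-root"


def audit_archive(archive_bytes, dest_root):
    """List (entry name, verdict) for every entry that would leave dest_root."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        verdicts = [(n, classify_entry(dest_root, n)) for n in zf.namelist()]
    return [(n, v) for n, v in verdicts if v != "ok"]


def build_sample_archive():
    """Constructed test archive: one benign entry plus names that leave the root."""
    names = [
        "docs/readme.txt",
        "../../notes.txt",
        "..\\outside\\a.txt",
        "C:\\Windows\\Temp\\x.txt",
        "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
        "\\Programs\\Startup\\placeholder.txt",
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()
```

Calling `audit_archive(build_sample_archive(), DEST_ROOT)` returns the four entries that would be written outside the extraction folder, with the Startup-bound one labelled separately.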
RARLAB, the developer of WinRAR, has released version 7.12 to address this flaw.
The vulnerability does not affect versions of RAR or UnRAR for Unix or Android. Users are urged to update as soon as possible to reduce the risk of exploitation.
To stay protected from threats like this, it’s important to use the best antivirus software, reliable malware removal tools, and strong endpoint protection. Even well-known tools can have flaws, so running trusted security software and keeping all apps current helps reduce the risk of malware slipping through unnoticed.
The new WinRAR update also fixes an unrelated issue involving the “Generate Report” feature. In older versions, file names in generated HTML reports weren’t sanitized properly, which allowed basic HTML injection. That has now been corrected.
In addition to the security fixes, WinRAR 7.12 now tests recovery volumes during archive testing, giving users better confirmation that backup files are intact. It also preserves precise nanosecond timestamps when modifying Unix files on Windows.
Wayne Williams is a freelancer writing news for TechRadar Pro. He has been writing about computers, technology, and the web for 30 years. In that time he wrote for most of the UK’s PC magazines, and launched, edited and published a number of them too.