1.0 Introduction
A recently disclosed vulnerability in RARLAB’s WinRAR, the long-standing compression utility for Windows, has exposed millions of users to a critical directory traversal flaw that could lead to remote code execution (RCE).
2.0 Impact
This vulnerability allows attackers to run arbitrary code on a victim’s machine simply by getting them to open a specially crafted archive file.
3.0 Affected Products
- CVE – 2025-6218 (High) - WinRAR versions prior to 7.12 Beta 1
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the following link and apply the latest update:
Kindly, please refer to the URL below : https://www.win-rar.com/fileadmin/winrar-versions/winrar/winrar-x64-712.exe
Generally, CyberSecurity Malaysia advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact us through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web:
https://www.cybersecurity.my
5.0 References