25.06.2025 12:48

WinRAR 7.12 Final released

Release date: 25.06.2025


 

WinRAR Addresses Multiple Security Vulnerabilities and Functional Improvements in Latest Software Update

Berlin, June 25th 2025: WinRAR, the leading file compression and archiving software, has just launched version 7.12, resolving a serious security vulnerability affecting earlier versions. These updates demonstrate our commitment to protecting our users and maintaining the integrity and trustworthiness of the WinRAR ecosystem.

SECURITY FIXES

1. Directory Traversal Remote Code Execution Vulnerability (ZDI-CAN-27198)

In previous versions of WinRAR, as well as RAR, UnRAR, UnRAR.dll, and the portable UnRAR source code for Windows, a specially crafted archive containing arbitrary code could be used to manipulate file paths during extraction. User interaction is required to exploit this vulnerability, which could cause files to be written outside the intended directory.

This flaw could be exploited to place files in sensitive locations — such as the Windows Startup folder — potentially leading to unintended code execution on the next system login.

This issue affects only Windows-based builds. Versions of RAR and UnRAR for Unix, the portable source code on Unix, and RAR for Android are not affected.

We thank whs3-detonator, working with Trend Micro’s Zero Day Initiative, for responsibly reporting this vulnerability.
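A pre-extraction check for the class of flaw described in item 1, added here as an illustration; it is not WinRAR's code or its fix. The function names, the destination `C:\extract\out` and the sample entry names are assumptions constructed for the example.

```python
import ntpath  # Windows path rules, importable on any OS


def escapes_destination(dest_dir: str, entry_name: str) -> bool:
    """True if extracting entry_name under dest_dir would land outside it."""
    # Archives may store either separator; Windows accepts both.
    name = entry_name.replace("/", "\\")
    drive, tail = ntpath.splitdrive(name)
    # Drive letters (C:\x, D:x), UNC prefixes and rooted paths (\x)
    # replace the destination instead of extending it.
    if drive or tail.startswith("\\"):
        return True
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    # normpath collapses ".." lexically, including ones hidden mid-path.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))
    # Compare whole components: a plain startswith() would accept the
    # sibling directory C:\extract\out2 for destination C:\extract\out.
    return ntpath.commonpath([dest, target]) != dest


def audit_entries(dest_dir: str, entry_names: list[str]) -> list[str]:
    """Return the entry names that must be refused before extraction."""
    return [n for n in entry_names if escapes_destination(dest_dir, n)]


# Constructed entry names, not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs\\readme.txt",            # ordinary relative entry
    "docs/../notes.txt",           # ".." that stays inside the destination
    "..\\..\\outside.txt",         # climbs above the destination
    "docs/../../outside.txt",      # ".." hidden behind a valid folder
    "C:\\Windows\\Temp\\x.txt",    # absolute path with drive letter
    "\\\\server\\share\\x.txt",    # UNC path
    "\\rooted.txt",                # rooted on the current drive
    "D:relative.txt",              # drive-relative path
]

if __name__ == "__main__":
    for bad in audit_entries("C:\\extract\\out", SAMPLE_ENTRIES):
        print("refuse:", bad)
```

The check is lexical only: it does not resolve symbolic links or junctions that already exist under the destination.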

2. HTML Injection via Archived File Names in Report Generation

Older versions of WinRAR’s “Generate Report” feature included archived file names in the generated HTML without sanitization, allowing file names with HTML tags (e.g., <script>) to be injected into the report. This has been fixed by escaping < and > characters to neutral HTML entities, preventing injection.

 

We thank Marcin Bobryk (github.com/MarcinB44) for responsibly reporting this issue.

FUNCTIONAL IMPROVEMENTS

3. Improved Testing of Recovery Volumes

When both “Test archived files” and “Recovery volumes” options are enabled, WinRAR now tests recovery volumes as well. Previously, testing was completed before recovery volumes were created, so they remained unverified. This improvement provides users with greater confidence in the integrity of their backups, especially when relying on recovery volumes to repair damaged or incomplete archives.

4. Preservation of Nanosecond Timestamps for Unix File Records

When modifying RAR archives containing Unix file records on Windows, the original nanosecond timestamp precision is now preserved. Older versions converted timestamps to Windows-style 100-nanosecond precision, resulting in a loss of accuracy. This improvement is relevant when modifying or extracting cross-platform archives on Windows, where preserving precise Unix timestamps is important for development workflows, file synchronization, backups, or version control.

For a full list of improvements, visit: WinRAR 7.12 Release Notes

Availability:

WinRAR 7.12 is now available for download.

We encourage all users to update their software to the latest version.

https://www.win-rar.com/download.html

WinRAR is provided in over 40 languages and is compatible with Windows 11, 10 and 8.1. For Android users, the RAR App is available on Google Play. The command line version of WinRAR is also available for Linux, FreeBSD, and Mac OS X.

About WinRAR:

WinRAR is the 64-bit Windows version of RAR Archiver, the powerful archiver and archive manager. RAR files can compress content up to 30 percent more efficiently than ZIP files. The most notable functions of WinRAR include powerful document and multimedia file compression, file encryption, processing of other archive formats, programmable self-extracting (SFX) archives, damaged archive repair, and Unicode support.

About win.rar GmbH:

win.rar GmbH has been the official publisher of WinRAR and RARLAB products since February 2002 and handles all support, marketing and sales functions related to WinRAR & RARLAB.COM. win.rar GmbH is registered in Germany and is represented worldwide by local partners in over 70 countries on six continents. win.rar's stated goal is to provide top quality support and to optimize its software to meet the needs of its customers based on their valuable feedback. For more information about WinRAR and win.rar GmbH, please visit our website at www.win-rar.com.

 


The beta download links expire after the final release!