National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team envisages increasing cyber security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

WinRAR path traversal vulnerability

17 August 2025

The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting WinRAR. 

 

Technical Details

ESET researchers discovered a path traversal vulnerability affecting WinRAR v7.12.
The vulnerability exploits alternate data streams (ADSs) to achieve path traversal.
Malicious actors craft special archives that contain malicious ADSs.
We urge everyone to upgrade to the latest version of WinRAR as soon as possible.
Indications show that there is an active campaign exploiting this vulnerability.
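
As a defender-side illustration of the ADS-based path traversal described above, the following added example (not code from this advisory, ESET or WinRAR) triages archive entry names before extraction. It assumes the entry names have already been listed with your archive tool; the function names and sample entries are constructed for illustration, and the check relies on the fact that a legitimate NTFS stream name cannot contain a path separator.

```python
import ntpath

# Constructed entry names for illustration; not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs\\report.pdf",
    "docs\\report.pdf:Zone.Identifier",
    "docs\\report.pdf:..\\..\\outside\\file.bin",
    "..\\..\\outside.txt",
    "D:\\tmp\\file.txt",
]

# Findings that should stop extraction; a plain "ads" finding is only logged.
BLOCKING = {"absolute-path", "traversal-in-path",
            "separator-in-stream", "traversal-in-stream"}


def inspect_entry(entry_name):
    """Return a sorted list of findings for one archive entry name."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)      # keep "D:" out of the ADS split
    path, colon, stream = rest.partition(":")  # "file:stream[:$DATA]"
    findings = set()
    if drive or path.startswith("\\"):
        findings.add("absolute-path")
    if ".." in path.split("\\"):
        findings.add("traversal-in-path")
    if colon:
        findings.add("ads")
        stream_name = stream.split(":", 1)[0]  # drop an optional stream type
        # NTFS stream names cannot contain separators, so any "\" is anomalous.
        if "\\" in stream_name:
            findings.add("separator-in-stream")
        if ".." in stream_name.split("\\"):
            findings.add("traversal-in-stream")
    return sorted(findings)


def triage(entries):
    """Map each entry that must not be extracted to its findings."""
    report = {}
    for entry in entries:
        findings = inspect_entry(entry)
        if BLOCKING & set(findings):
            report[entry] = findings
    return report


if __name__ == "__main__":
    for entry, findings in triage(SAMPLE_ENTRIES).items():
        print(f"BLOCK {entry!r}: {', '.join(findings)}")
```

Entries that carry only a benign stream such as `Zone.Identifier` are reported as `ads` but not blocked, which keeps the check usable on archives that preserve ordinary stream metadata.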

 

Recommendations

The Digital Security Authority recommends upgrading to the latest version of WinRAR and not remaining on v7.12 or earlier.

 


 

The information presented in this report is based on available data up to the 12th of August 2025. 


 
