You should probably update WinRAR
WinRAR 7.13 addresses new “directory traversal vulnerability”
WinRAR 7.13 has been released. The update fixes several bugs in prior versions of the utility and patches a new “directory traversal vulnerability”. While this vulnerability seems to be less significant than those addressed with version 7.12, it is worthwhile for users to update to the newest version of WinRAR.
WinRAR is a tool used to compress, encrypt, package, and back up files. The tool has 500,000 users and is said to be the world’s most popular compression tool. While modern operating systems include many of WinRAR’s features built-in, the tool remains widely used today.
Below are the release notes of WinRAR version 7.13.
WinRAR 7.13 Final released
Release date: 30.07.2025
Another directory traversal vulnerability, differing from that in WinRAR 7.12, has been fixed.
When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path.
Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected.
We are thankful to Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET for letting us know about this security issue.
Bugs fixed:
1 – WinRAR 7.12 “Import settings from file” command failed to restore settings, saved by WinRAR versions preceding 7.12;
2 – WinRAR 7.12 set a larger than specified recovery size for compression profiles, created by WinRAR 5.21 and older.
– WinRAR
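The release note above describes extraction landing on a path taken from the archive rather than the folder the user chose. The check below is an added example, not WinRAR or UnRAR code, and it does not model the specific flaw fixed in 7.13: it tests whether each entry name resolves inside the chosen folder under Windows path rules. The function names, destination folder and entry names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample data: a user-chosen folder and entry names from a listing.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",
    r"docs\..\notes.txt",         # contains "..", but stays inside DEST
    r"..\..\elsewhere\file.txt",  # climbs out of DEST
    "docs/../../../file.txt",     # same idea, with forward slashes
    r"..\out2\file.txt",          # sibling folder sharing DEST's name prefix
    r"D:\other\file.txt",         # absolute path on another drive
    r"C:file.txt",                # drive-relative path
    r"\\host\share\file.txt",     # UNC path
    r"\rooted\file.txt",          # rooted path without a drive letter
]


def escapes_destination(dest: str, entry_name: str) -> bool:
    """Return True if entry_name would be written outside dest."""
    name = entry_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(name)
    if drive or ntpath.isabs(name):
        return True  # an entry name must never carry its own drive or share
    dest_norm = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_norm, name)))
    try:
        # Compare whole path components; a string prefix test would accept
        # "...\out2" as being inside "...\out".
        return ntpath.commonpath([dest_norm, target]) != dest_norm
    except ValueError:
        return True  # different drives, or absolute mixed with relative


def audit(dest: str, names: list[str]) -> list[str]:
    """Return the entry names that resolve outside dest."""
    return [n for n in names if escapes_destination(dest, n)]


if __name__ == "__main__":
    for name in audit(DEST, SAMPLE_ENTRIES):
        print("outside destination:", name)
```
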
As with most software, PC users are safest using the newest versions of tools like WinRAR. System security is incredibly important, and outdated software gives bad actors a way to exploit your system.
