Rufus 4.7: The side-loading vulnerability CVE-2025-26624 has been fixed, and further improvements are available for testing.
Rufus, the small tool for writing a bootable ISO to a flash drive, has been updated to version 4.7. Currently a beta, but with numerous optimizations. First of all, support for ARM 32-bit is being discontinued. (ARM64 is not.)
A side-loading vulnerability (CVE-2025-26624) related to cfgmgr32.dll has also been fixed in this version. Additional optimizations and fixes include:
- Fixes memory leaks in the UI
- Adds a mechanism to detect and download updated DBXs from the official UEFI repository
- Adds ztsd compression support for disk images
- A new option has been added to the settings to exclude disks with a specific GPT GUID.
- Optimized detection of compressed VHD images whose size exceeds the target drive
- Fix: The command line hogger is not deleted when Rufus is started from a different directory.
- Correction of FAT file names of embedded images that may have been shortened during image extraction
- If an error description appears, switch back to the user/system default language environment
- The command line hogger no longer runs on POSIX shells
One more PS: The upcoming Rufus version 4.8 will also include a dark mode. It's already been noted on the new features list.