Rufus 4.7: The side-loading vulnerability CVE-2025-26624 has been fixed, and further improvements are available for testing

Rufus 4.7: The side-loading vulnerability CVE-2025-26624 has been fixed, and further improvements are available for testing.

Rufus, the small tool for writing a bootable ISO to a flash drive, has been updated to version 4.7. Currently a beta, but with numerous optimizations. First of all, support for ARM 32-bit is being discontinued. (ARM64 is not.)


A side-loading vulnerability (CVE-2025-26624) related to cfgmgr32.dll has also been fixed in this version. Additional optimizations and fixes include:

  • Fixes memory leaks in the UI
  • Adds a mechanism to detect and download updated DBXs from the official UEFI repository
  • Adds ztsd compression support for disk images
  • A new option has been added to the settings to exclude disks with a specific GPT GUID.
  • Optimized detection of compressed VHD images whose size exceeds the target drive
  • Fix: The command line hogger is not deleted when Rufus is started from a different directory.
  • Correction of FAT file names of embedded images that may have been shortened during image extraction
  • If an error description appears, switch back to the user/system default language environment
  • The command line hogger no longer runs on POSIX shells

One more PS: The upcoming Rufus version 4.8 will also include a dark mode. It's already been noted on the new features list.

Information and downloads:



google-playkhamsatmostaqltradent