Rarlab · Winrar · CVE-2025-8088
**Name of the Vulnerable Software and Affected Versions**
WinRAR versions prior to 7.13
**Description**
A path traversal issue in the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. The flaw enables attackers to manipulate file paths during decompression, using NTFS Alternate Data Streams (ADS) to write files outside the intended extraction directory, such as the Windows Startup folder, to achieve persistence. This issue has been exploited in the wild by various state-sponsored groups, including Russian and Chinese APTs (such as Amaranth-Dragon, Sandworm, Gamaredon, and Turla), as well as financially motivated cybercriminals. Targets have included government, military, and critical infrastructure sectors, particularly in Ukraine and Southeast Asia, often utilizing spear-phishing campaigns with deceptive lures to deliver the malicious archives.
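A defensive pre-extraction check based on the description above, as an added example (not code from WinRAR or from this advisory): it audits archive entry names for NTFS stream syntax, parent-directory segments, and paths that resolve outside the extraction directory or into a Startup folder. The function names, the destination directory and the sample entry names are assumptions constructed for illustration.

```python
import ntpath

DEST = r"C:\Users\analyst\Downloads\extract"   # constructed extraction directory
STARTUP = r"\start menu\programs\startup"      # fragment of the Windows Startup folder path

def audit_entry(name, dest=DEST):
    """Return the list of findings for one archive entry name (hypothetical helper)."""
    findings = []
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive or rest.startswith("\\"):
        findings.append("absolute-path")
    if ":" in rest:
        # A colon after the drive part is NTFS stream syntax (file:stream).
        findings.append("ads-stream-syntax")
    # Treat ':' as a separator too, so anything after a stream colon is still resolved.
    segments = [s for s in rest.replace(":", "\\").split("\\") if s]
    if ".." in segments:
        findings.append("parent-directory-segment")
    resolved = ntpath.normpath(ntpath.join(dest, *segments)) if segments else dest
    if not (resolved.lower() + "\\").startswith(dest.lower() + "\\"):
        findings.append("escapes-destination")
    if STARTUP in resolved.lower():
        findings.append("targets-startup-folder")
    return findings

def audit_archive(entry_names, dest=DEST):
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    report = {}
    for name in entry_names:
        findings = audit_entry(name, dest)
        if findings:
            report[name] = findings
    return report

# Constructed sample entry names, not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs/report.pdf",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk",
    "notes.txt:hidden",
]

if __name__ == "__main__":
    for entry, findings in audit_archive(SAMPLE_ENTRIES).items():
        print(entry, "->", ", ".join(findings))
```

The entry names can come from any archive listing tool; the check works on the names alone and never extracts the archive.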
**Recommendations**
Update WinRAR to version 7.13 or later.