Rarlab · Winrar · CVE-2025-8088
**Name of the Vulnerable Software and Affected Versions**
WinRAR versions prior to 7.13
**Description**
A path traversal issue in the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. The flaw enables attackers to manipulate file paths during decompression, using NTFS Alternate Data Streams (ADS) to write files outside the intended extraction directory, such as the Windows Startup folder, to achieve persistence. This issue has been exploited in the wild by various state-sponsored groups from Russia and China, as well as financially motivated cybercriminals, targeting government, military, and critical infrastructure sectors in Eastern Europe, NATO countries, and Southeast Asia. The attacks often involve phishing campaigns where victims are tricked into opening malicious RAR archives containing lures like PDF files.
**Recommendations**
Update WinRAR to version 7.13 or later.