CVE-2025-8088

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.13 WinRAR versions 5.50 through 7.12

Description WinRAR contains a path traversal vulnerability affecting the Windows version of the software. This vulnerability allows attackers to execute arbitrary code by crafting malicious archive files. The vulnerability has been actively exploited in the wild by multiple threat actors, including RomCom and Paper Werewolf, through phishing campaigns. Attackers can embed malicious payloads within RAR archives, which, when extracted, place files in unauthorized locations, such as the Windows Startup folder, leading to automatic execution of malicious code upon system startup. Alternate Data Streams (ADS) are used to hide malicious payloads within the archives. This vulnerability is tracked as CVE-2025-8088.

Recommendations Update WinRAR to version 7.13 or later.