PT-2025-32352 · Rarlab+1 · Winrar

Anton Cherepanov +2 · Published 2025-07-30 · Updated 2026-06-21 · CVE-2025-8088

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 7.13

Description

A path traversal issue in the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. The flaw enables attackers to manipulate file paths during decompression, using NTFS Alternate Data Streams (ADS) to write files outside the intended extraction directory, such as the Windows Startup folder, to achieve persistence. This issue has been exploited in the wild by various state-sponsored groups from Russia and China, as well as financially motivated cybercriminals, targeting government, military, and critical infrastructure sectors in Eastern Europe, NATO countries, and Southeast Asia. The attacks often involve phishing campaigns where victims are tricked into opening malicious RAR archives containing lures like PDF files.

Recommendations

Update WinRAR to version 7.13 or later. Restrict the use of third-party decompression tools and enforce strict email security policies to block suspicious attachments. Implement network segmentation and monitor for unusual file decompression activity.
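
A triage check that a mail gateway or analyst script could run over an archive's entry names before anything is extracted, flagging the stream and traversal patterns the description mentions. This is an added example, not code from this advisory or from RARLAB; the function names, the `C:\extract` root and the sample names are constructed, and reading the text after a colon as path text is a conservative assumption, not a statement of how WinRAR parses names.

```python
import ntpath  # Windows path rules, importable on any OS

STARTUP = r"\start menu\programs\startup"  # folder named in the description

def audit_entry(name, root=r"C:\extract"):
    """Return the reasons an entry name is unsafe; an empty list means clean."""
    reasons = []
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive or rest.startswith("\\"):
        reasons.append("absolute-path")
    if ":" in rest:  # file:stream syntax addresses an alternate data stream
        reasons.append("ads-stream")
    # Assumption: read the text after a colon as path text too, so ".."
    # segments placed in a stream name are still counted.
    flat = rest.replace(":", "\\")
    if ".." in flat.split("\\"):
        reasons.append("dotdot-segment")
    base = ntpath.normpath(root).lower()
    target = ntpath.normpath(ntpath.join(root, drive + flat)).lower()
    if target != base and not target.startswith(base + "\\"):
        reasons.append("escapes-root")
    if STARTUP in target:
        reasons.append("startup-folder")
    return reasons

def audit_listing(names, root=r"C:\extract"):
    """Map each flagged entry name to its reasons; clean names are omitted."""
    flagged = {}
    for name in names:
        reasons = audit_entry(name, root)
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed entry names, not taken from any real sample.
SAMPLE = [
    r"docs\report.pdf",
    r"docs\..\notes.txt",
    r"lure.pdf:..\..\outside\drop.bin",
    r"C:\Windows\x.dll",
]

if __name__ == "__main__":
    for name, reasons in audit_listing(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

An entry that reports `ads-stream` together with `escapes-root` is the combination to quarantine; `dotdot-segment` alone can occur in benign archives and is worth a lower-priority review.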

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09597
CVE-2025-8088

Affected Products

Winrar