PT-2025-32352 · Rarlab +1 · Winrar

Anton Cherepanov +2 · Published 2025-07-30 · Updated 2025-12-10 · CVE-2025-8088

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 7.13

Description

A path traversal vulnerability exists in the Windows version of WinRAR, allowing attackers to execute arbitrary code by crafting malicious archive files. This vulnerability has been actively exploited in the wild by threat actors, including the Russia-linked RomCom group and Paper Werewolf. Exploitation involves embedding malicious payloads within RAR archives, which, when extracted, can place files in unauthorized locations, such as the Startup folder, leading to automatic execution of malicious code. The vulnerability abuses alternate data streams (ADS) to perform path traversal. This has been observed in phishing campaigns targeting organizations in Europe, Canada, and Southeast Asia, including government entities. The vulnerability was addressed in WinRAR version 7.13.

Recommendations

Update WinRAR to version 7.13 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09597
CVE-2025-8088

Affected Products

Winrar