PT-2025-32352 · Rarlab+1 · Winrar

Anton Cherepanov +2 · Published 2025-07-30 · Updated 2026-05-06 · CVE-2025-8088

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 7.13

Description

A path traversal issue in the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. The flaw occurs because the archive parser fails to sanitize directory traversal sequences in archive entries, enabling files to be written outside the intended extraction path. Attackers can leverage Alternate Data Streams (ADS) to embed malicious files and place them in sensitive locations, such as the Windows Startup folder, to achieve persistence. This issue has been exploited in the wild by various state-sponsored groups and cybercriminals, including Amaranth-Dragon, Sandworm, Gamaredon, and Turla, targeting government, military, and technology sectors in Southeast Asia and Ukraine.

Recommendations

Update to version 7.13 or later. As a temporary workaround, consider disabling WinRAR integration with Windows Explorer. Restrict execution of WinRAR.exe via Group Policy where not required. Quarantine .rar, .zip, and .7z attachments from external sources.
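The sanitization the description says is missing can be illustrated with a pre-extraction check that a mail gateway or triage script could apply to archive entry names. This is an added example, not code from the advisory or from WinRAR; the function names, the extraction root, the sample entry names and the policy of rejecting any colon are assumptions.

```python
import ntpath
from typing import Dict, Iterable, Optional

ROOT = r"C:\Users\alice\Downloads\out"   # constructed extraction root

# Constructed sample entry names, as they might be listed from an archive.
SAMPLE = [
    "docs/report.pdf",
    "..\\..\\outside.txt",
    "docs/../../outside.txt",
    "notes.txt:stream",          # alternate data stream syntax
    "C:\\Windows\\x.txt",        # drive-qualified path
    "\\\\server\\share\\x.txt",  # UNC path
]

def check_entry(dest_root: str, entry_name: str) -> Optional[str]:
    """Return the reason an entry must be rejected, or None if it is safe."""
    name = entry_name.replace("/", "\\")      # Windows accepts both separators
    if ":" in name:                           # assumed policy: no colons at all
        return "colon in name (drive letter or alternate data stream)"
    if name.startswith("\\"):
        return "absolute or UNC path"
    for part in name.split("\\"):
        if part in ("", "."):
            continue
        # Windows trims trailing dots and spaces, so ".. " acts like "..".
        # Strict policy: any parent reference is refused, even a harmless one.
        if part.rstrip(" .") == "":
            return "traversal component"
    # Final containment check on the fully resolved path (case-insensitive).
    root = ntpath.normpath(dest_root).rstrip("\\")
    resolved = ntpath.normpath(ntpath.join(root, name))
    if not resolved.lower().startswith(root.lower() + "\\"):
        return "resolves outside extraction root"
    return None

def audit(dest_root: str, names: Iterable[str]) -> Dict[str, str]:
    """Map every rejected entry name to the reason it was rejected."""
    findings = {}
    for n in names:
        reason = check_entry(dest_root, n)
        if reason is not None:
            findings[n] = reason
    return findings

if __name__ == "__main__":
    for entry, why in audit(ROOT, SAMPLE).items():
        print(f"REJECT {entry!r}: {why}")
```

An archive with any rejected entry is best quarantined as a whole rather than extracted with the offending entries skipped.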

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09597
CVE-2025-8088

Affected Products

Winrar