CVE-2025-8088

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.13

Description A path traversal vulnerability exists in the Windows version of WinRAR, allowing attackers to execute arbitrary code by crafting malicious archive files. This vulnerability has been actively exploited in the wild by threat actors, including the RomCom and Paper Werewolf groups. Exploitation involves crafting RAR archives that, when extracted, place malicious payloads into system startup folders, leading to automatic execution of malicious code upon system login. The vulnerability allows attackers to bypass security measures and install backdoors for full system access. The vulnerability was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Recommendations Update WinRAR to version 7.13 or later. As WinRAR does not have an auto-update feature, a manual update is required.