PT-2025-32352 · Rarlab+1 · Winrar

Anton Cherepanov +2 · Published 2025-07-30 · Updated 2026-02-28 · CVE-2025-8088

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 7.13

Description

WinRAR contains a path traversal vulnerability that allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability has been actively exploited in the wild by multiple threat actors, including Russia-linked groups (RomCom, Paper Werewolf, Gamaredon, APT44, Turla) and China-linked groups (Amaranth-Dragon, APT41). The exploitation involves embedding malicious payloads within Alternate Data Streams (ADS) of RAR archives. When such an archive is opened, files can be written to sensitive system locations like the Startup folder, leading to persistent malware execution. The vulnerability is identified as CVE-2025-8088 and was patched in WinRAR version 7.13. The exploitation has been observed in phishing campaigns targeting various sectors, including government, military, finance, and technology.

Recommendations

Update WinRAR to version 7.13 or later immediately.
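The Description ties the file writes to names carried inside the archive (entry paths and ADS names). The following Python check is an added example, not part of the original advisory and not WinRAR's code: it shows how an extraction tool or archive scanner can reject entry and stream names that leave the destination directory or point at a Startup folder. The function names, the Startup heuristic and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: a name that mentions a Startup folder is worth flagging on its own.
STARTUP = "\\start menu\\programs\\startup"

def check_entry(dest_dir, entry_name, stream_name=None):
    """Return reasons an archive entry should not be extracted (empty list = OK)."""
    reasons = []
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    # join() discards dest when entry_name is absolute, so that case is caught too.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, entry_name)))
    if target != dest and not target.startswith(dest + "\\"):
        reasons.append("entry path escapes destination")
    # normcase() lowercases and turns "/" into "\" so both separators are covered.
    stream = ntpath.normcase(stream_name or "")
    # A stream name is a label attached to a file, never a path.
    if "\\" in stream or stream in (".", ".."):
        reasons.append("stream name contains path components")
    if STARTUP in target or STARTUP in stream:
        reasons.append("references a Startup folder")
    return reasons

def audit(dest_dir, entries):
    """Map 'name' or 'name:stream' to its reasons, for flagged entries only."""
    flagged = {}
    for name, stream in entries:
        reasons = check_entry(dest_dir, name, stream)
        if reasons:
            flagged[name + (":" + stream if stream else "")] = reasons
    return flagged

# Constructed sample listing: (entry name, ADS name or None). Not real indicators.
DEST = r"C:\Users\analyst\Downloads\out"
SAMPLE = [
    ("report.pdf", None),
    (r"docs\notes.txt", "Zone.Identifier"),
    ("cv.pdf", r"..\..\Start Menu\Programs\Startup\item.bin"),
    (r"..\outside.txt", None),
]

if __name__ == "__main__":
    for key, why in audit(DEST, SAMPLE).items():
        print(f"BLOCK {key}: {'; '.join(why)}")
```
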

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09597
CVE-2025-8088

Affected Products

Winrar