PT-2025-32352 · Rarlab+1 · Winrar
Anton Cherepanov +2 · Published 2025-07-30 · Updated 2026-03-19 · CVE-2025-8088
CVSS v3.1: 8.8 High | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WinRAR versions prior to 7.13
Description
WinRAR contains a path traversal vulnerability that allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability, tracked as CVE-2025-8088, has been actively exploited in the wild by multiple threat actors, including Russia-linked groups (RomCom, Paper Werewolf, Gamaredon), China-linked groups (Amaranth-Dragon), and financially motivated cybercriminals. Attackers exploit this flaw by embedding malicious payloads within Alternate Data Streams (ADS) of RAR archives. When a user opens a crafted archive, the malware is written to sensitive system locations, such as the Startup folder, leading to automatic execution upon system login. The vulnerability allows attackers to bypass security measures and install backdoors, steal data, and deploy ransomware. The vulnerability was patched in WinRAR version 7.13, but due to the lack of an auto-update feature, many systems remain vulnerable.
Recommendations
Update WinRAR to version 7.13 or later immediately.
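A host triage sketch for the two points above (added example, not vendor or advisory code): it compares a WinRAR executable's version against 7.13 and lists what currently sits in the per-user and all-users Startup folders, the drop location the description names. The function names, the 30-day window, and the assumption that the executable's file-version resource mirrors the release number are all illustrative.

```powershell
# Added example. Assumption: WinRAR.exe's file-version resource reflects the
# release number (release 7.13 -> file version 7.13.x). Function names are hypothetical.

function Test-WinRarPatched {
    param([Parameter(Mandatory)][string]$ExePath)   # caller supplies the install path
    $vi = (Get-Item -LiteralPath $ExePath).VersionInfo
    $installed = [version]"$($vi.FileMajorPart).$($vi.FileMinorPart)"
    [pscustomobject]@{
        Path      = $ExePath
        Installed = $installed
        Patched   = $installed -ge [version]'7.13'   # fixed release per the advisory
    }
}

function Get-StartupItems {
    param([int]$Days = 30)                          # review window, arbitrary default
    $cutoff = (Get-Date).AddDays(-$Days)
    foreach ($name in 'Startup', 'CommonStartup') {
        # Resolve the folders through the OS instead of hard-coding paths
        $dir = [Environment]::GetFolderPath($name)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            Select-Object FullName, CreationTime, LastWriteTime, Length,
                @{ n = 'Recent'; e = { $_.CreationTime -ge $cutoff } }
    }
}

# Usage (path is supplied by the operator):
#   Test-WinRarPatched -ExePath $pathToWinRarExe
#   Get-StartupItems -Days 30 | Sort-Object CreationTime -Descending | Format-Table -AutoSize
```

An entry flagged `Recent` is only a candidate for review; correlate its creation time with archive downloads or openings on the same host before drawing conclusions.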
Fix
RCE
Affected Products
Winrar