PT-2025-32352 · Rarlab (+1) · WinRAR
Credit: Anton Cherepanov (+2)
Published 2025-07-30 · Updated 2026-01-31 · CVE-2025-8088

| CVSS v3.1 | Score | Severity | Vector |
| --- | --- | --- | --- |
| Base | 8.8 | High | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WinRAR versions prior to 7.13
Description
WinRAR contains a path traversal vulnerability that allows attackers to execute arbitrary code by crafting malicious archive files. It has been actively exploited in the wild by multiple threat actors, including Russia-linked groups (RomCom, Paper Werewolf, Gamaredon) and China-linked actors. Attackers embed malicious payloads in RAR archives which, when opened, can place files in sensitive system locations such as the Startup folder, so the malware runs automatically at the next user login. This lets attackers bypass security measures and deploy a range of malware, including SnipBot, RustyClaw, Mythic Agent, and PoisonIvy. The vulnerability is tracked as CVE-2025-8088 and was fixed in WinRAR 7.13. Exploitation has been observed in phishing campaigns targeting sectors including finance, defense, manufacturing, and logistics.
Recommendations
Update to WinRAR version 7.13 or later.
Fix: available (WinRAR 7.13) · Impact: RCE
Related Identifiers
- BDU:2025-09597
- CVE-2025-8088
Affected Products
- WinRAR
References · 472
- https://bdu.fstec.ru/vul/2025-09597 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-8088 · Security Note
- https://win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 · Security Note
- https://github.com/bartblaze/Yara-rules · Note
- https://twitter.com/ScyScan/status/2016474705033822561 · Twitter Post
- https://twitter.com/KillerFungi2022/status/2005039342902018427 · Twitter Post
- https://twitter.com/DarkWebInformer/status/1980347626810929225 · Twitter Post
- https://twitter.com/blueteamsec1/status/2008338272926527719 · Twitter Post
- https://twitter.com/transilienceai/status/1958405323783336043 · Twitter Post
- https://twitter.com/fridaysecurity/status/1954697339006063025 · Twitter Post
- https://reddit.com/r/CVEWatch/comments/1mqtevk/top_10_trending_cves_15082025 · Reddit Post
- https://twitter.com/ESETresearch/status/1954831174221656494 · Twitter Post
- https://t.me/aptreports/25355 · Telegram Post
- https://t.me/aptreports/23077 · Telegram Post
- https://twitter.com/TechNadu/status/1955592785995710671 · Twitter Post