CVE-2025-8088

Name of the Vulnerable Software and Affected Versions WinRAR versions prior to 7.13

Description A path traversal vulnerability exists in the Windows version of WinRAR, allowing attackers to execute arbitrary code by crafting malicious archive files. This vulnerability has been actively exploited in the wild by threat actors, including the Russia-linked RomCom group and Paper Werewolf. Exploitation involves embedding malicious payloads within RAR archives, which, when extracted, can place files in unauthorized locations, such as the Windows Startup folder, leading to automatic execution of malicious code upon system startup. The vulnerability leverages alternate data streams (ADS) to hide malicious content within the archive. The vulnerability was exploited in phishing campaigns targeting organizations in Europe and Canada, including those in the finance, manufacturing, defense, and logistics sectors.

Recommendations Update WinRAR to version 7.13 or later. As there is no automatic update feature, a manual update is required.