NG Solution Team

Has WinRAR fixed the zero-day flaw exploited by RomCom?

The widely used file archiving tool, WinRAR, recently faced a critical zero-day vulnerability that exposed systems to potential code execution attacks. Although WinRAR has now resolved this issue, the vulnerability was actively exploited to distribute RomCom malware through maliciously crafted archive files.

Security experts identified the flaw, labeled CVE-2025-8088, as a path traversal vulnerability affecting WinRAR for Windows. It carries a high severity rating and a CVSS score of 8.4. A specially crafted archive could manipulate the path its files were extracted to, overriding the path the user specified. Notably, this issue did not affect RAR versions for Unix or Android.
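The containment check that this class of flaw bypasses can be sketched as follows. This is an added example, not WinRAR's code or its fix: it resolves each archive entry name against the folder the user chose, using Windows path rules, and rejects any entry that would land outside it. The function names, the destination folder and the sample entry names are hypothetical and constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


def resolve_entry(dest_dir: str, entry_name: str) -> str:
    """Return the Windows path an archive entry would be written to.

    Raises ValueError when the entry would land outside dest_dir.
    """
    name = entry_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        raise ValueError(f"absolute or drive-qualified entry: {entry_name!r}")

    base = ntpath.normpath(dest_dir)
    # normpath collapses "." and ".." lexically, so a traversal shows up
    # as a target that no longer sits under the chosen folder.
    target = ntpath.normpath(ntpath.join(base, name))

    # Windows paths are case-insensitive; the trailing separator stops a
    # sibling such as "out2" from passing as a child of "out".
    prefix = ntpath.normcase(base).rstrip("\\") + "\\"
    if not ntpath.normcase(target).startswith(prefix):
        raise ValueError(f"entry escapes extraction folder: {entry_name!r}")
    return target


def flag_unsafe(dest_dir: str, entry_names: list[str]) -> list[str]:
    """Return the entry names that must not be extracted into dest_dir."""
    rejected = []
    for name in entry_names:
        try:
            resolve_entry(dest_dir, name)
        except ValueError:
            rejected.append(name)
    return rejected


# Constructed sample data, not taken from any real archive.
DEST = r"C:\Users\analyst\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/report.pdf",
    r"docs\..\notes.txt",
    r"..\..\elsewhere\file.txt",
    r"..\out2\file.txt",
    r"C:\Temp\file.txt",
]

if __name__ == "__main__":
    for bad in flag_unsafe(DEST, SAMPLE_ENTRIES):
        print("rejected:", bad)
```

The check is purely lexical, so it can be run over an archive listing before anything is written to disk.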

The RomCom group, a known Russian cyber-espionage entity, exploited this vulnerability to conduct spearphishing attacks, sending malicious RAR files via email. This group has previously been in the spotlight for exploiting multiple zero-day vulnerabilities, including a notable attack during the NATO Summit in 2023.

In response to the threat, WinRAR released version 7.13, which includes a fix for the vulnerability along with other improvements. Users are urged to update their systems promptly to mitigate risks. Additionally, organizations are advised to maintain vigilance against phishing attempts and conduct regular training to bolster cybersecurity awareness among employees.
