WinRAR has released an urgent update to patch a critical zero-day vulnerability, CVE-2025-8088, affecting its Windows version. This flaw, with a CVSS score of 8.8, allows attackers to execute arbitrary code by exploiting path traversal through malicious archive files. The vulnerability, discovered by ESET researchers, has been fixed in version 7.13 of WinRAR, released on July 31, 2025.
The exploit allows attackers to manipulate file paths during extraction, potentially placing files in sensitive directories like the Windows Startup folder, leading to unintended code execution upon system login. Russian organizations were targeted in July 2025 through phishing emails containing malicious archives that exploited this flaw alongside another, CVE-2025-6218.
The Russian hacking group Paper Werewolf is suspected of using these vulnerabilities, possibly acquiring an exploit advertised on the dark web. The group leveraged this flaw to execute code outside intended directories by including files with alternate data streams in RAR archives.
Additionally, the RomCom group has been observed exploiting CVE-2025-8088 to deploy various backdoors, targeting companies in Europe and Canada. Their method involves using resume-themed lures to trick victims into opening malicious attachments, which execute harmful DLLs and establish persistence on the system.
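The path manipulation described above can be screened for before an archive is extracted. The following is an added example, not code from WinRAR, ESET or the original article: it checks archive entry names for traversal outside the extraction directory, NTFS stream suffixes and Startup-folder targets. The entry names, the extraction root and the `file:stream` name form are constructed assumptions.

```python
import ntpath  # Windows path semantics, importable on any OS

# Assumed extraction directory and constructed entry names (not from any real sample).
ROOT = r"C:\Users\u\Downloads\out"
STARTUP = "\\start menu\\programs\\startup\\"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",
    r"report.docx:Zone.Identifier",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk",
    r"cv.pdf:..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk",
]

def audit_entry(name, root=ROOT):
    """Return sorted findings for one archive entry name, without extracting it."""
    findings = set()
    root = ntpath.normpath(root)
    drive, rest = ntpath.splitdrive(name.replace("/", "\\"))
    if drive or rest.startswith("\\"):
        findings.add("absolute-path")
    # "file:stream" addresses an NTFS alternate data stream of "file".
    base, colon, stream = rest.partition(":")
    if colon:
        findings.add("alternate-data-stream")
    # Resolve the file part and the stream part the way a naive extractor might.
    for part in (base, stream):
        if not part:
            continue
        target = ntpath.normpath(ntpath.join(root, part))
        if not (target + "\\").lower().startswith(root.lower() + "\\"):
            findings.add("path-traversal")
        if STARTUP in target.lower() + "\\":
            findings.add("startup-folder")
    return sorted(findings)

def audit(entries, root=ROOT):
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    report = {}
    for name in entries:
        found = audit_entry(name, root)
        if found:
            report[name] = found
    return report

if __name__ == "__main__":
    for name, found in audit(SAMPLE_ENTRIES).items():
        print(f"{name}: {', '.join(found)}")
```

A stream suffix alone, such as `Zone.Identifier`, is common on Windows; the combination with a path that resolves outside the extraction root is what warrants blocking the archive.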
In a related development, 7-Zip has also patched a security flaw, CVE-2025-55188, which could lead to arbitrary file writes and potential code execution, particularly on Unix systems. This highlights the ongoing need for vigilance and timely updates to protect against emerging cybersecurity threats.

