Hackers associated with Russia are capitalizing on a vulnerability in WinRAR – here are precautions to ensure your safety.
The WinRAR zero-day vulnerability, identified as CVE-2025-8088, is currently under active exploitation in the wild. This high-severity path traversal flaw affects Windows versions of WinRAR, specifically those before version 7.13.
Discovered by researchers at ESET and others, this vulnerability allows attackers to craft malicious archives that override the intended extraction path. This enables unauthorized placement of malware, including backdoors, into sensitive directories like the Windows Startup folder, achieving arbitrary code execution when the user extracts the archive.
RomCom, a Russian-aligned hacking group with a history of targeting governments, infrastructure, and non-governmental organizations, has been linked to the exploitation of this vulnerability. This group, also known as Storm-0978, is known for its spear-phishing campaigns, sending targeted emails designed to look legitimate and persuade recipients to open malicious attachments.
Recent months have seen RomCom broadening its focus to include organizations in the U.S., Europe, and other regions involved in Ukraine-related humanitarian efforts. The group has been linked to attacks on zero-day vulnerabilities found in Firefox and Windows, making it a significant threat.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-8088 to its Known Exploited Vulnerabilities Catalog, urging urgent patching by September 2, 2025.
Protection Measures for Users
To protect against this threat, users are advised to immediately update WinRAR to version 7.13 or later, which contains the patch fixing this vulnerability. Versions before 7.13 remain vulnerable and should be upgraded as soon as possible.
Users should exercise extreme caution with unsolicited or unexpected RAR archives received via email, especially from unknown or suspicious senders. Employing endpoint security solutions capable of detecting malicious archive contents or abnormal extraction behavior can also provide additional protection.
Consider disabling the automatic extraction of archives or restricting archive extraction locations if administratively possible, to reduce the risk of malicious file placement.
In summary, CVE-2025-8088 remains a critical threat actively exploited by advanced attackers. Prompt patching to WinRAR 7.13 combined with vigilant user behavior around archive files is essential to protection.
- Microsoft has released an update for WinRAR to address the ongoing exploitation of the high-severity path traversal vulnerability CVE-2025-8088, found in older versions.
- On the cybersecurity front, Microsoft 365 users can benefit from its robust protection features to guard against potential attacks related to this WinRAR flaw.
- Gaming enthusiasts using Windows PCs should take note of this WinRAR vulnerability, as it allows for arbitrary code execution that could compromise their systems, including Xbox consoles connected to the same network.
- Companies such as Microsoft have been working tirelessly to provide software solutions to mitigate the risks of zero-day vulnerabilities like CVE-2025-8088, which are being actively targeted by malicious actors like RomCom for their technological advancements.
- As usual in the gaming and technology industries, it is essential for users to adopt a proactive approach to cybersecurity by staying updated, being aware of current threats, and implementing preventive measures such as patching, careful file handling, and using robust endpoint security solutions.
