Exploitation of a WinRAR vulnerability by Russian hackers: Steps for safeguarding your system

Hackers associated with Russia are capitalizing on a vulnerability in WinRAR – here are precautions to ensure your safety.

WinRAR's critical vulnerability (CVE-2025-8088) is being actively exploited by hackers with links to Russia. Upgrade to WinRAR version 7.13 or later immediately: WinRAR has no automatic update mechanism, so the new version has to be downloaded and installed manually.

The WinRAR zero-day vulnerability, identified as CVE-2025-8088, is currently under active exploitation in the wild. This high-severity path traversal flaw affects Windows versions of WinRAR, specifically those before version 7.13.

Discovered by ESET researchers, the flaw lets an attacker craft an archive whose entries ignore the directory the user chose for extraction and are written to an attacker-chosen location instead. That is enough to drop malware, such as a backdoor, into a sensitive directory like the user's Windows Startup folder, where it runs automatically the next time the user signs in. No interaction beyond extracting the archive is required.
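The check an extractor has to make before writing any entry, as an added example (this is not WinRAR's code and not taken from the exploit archive): normalise the entry name, refuse anything rooted or drive-qualified, resolve the remaining name against the user's chosen directory and confirm the result still lies inside it. The destination directory and the entry names below are constructed for illustration; the Startup-folder entry only shows why a relative name with `..` components is dangerous.

```python
"""Added example (not WinRAR's code): a path-containment check of the kind an
archive extractor must apply to every entry name before it writes a file.
The destination directory and the entry names below are constructed for
illustration and are not taken from any real archive."""
import ntpath


class UnsafeEntry(ValueError):
    """Raised when an archive entry would resolve outside the destination."""


def resolve_entry(dest_dir: str, entry_name: str) -> str:
    """Return the absolute Windows path an entry may be written to.

    dest_dir must be an absolute, drive-qualified Windows path chosen by the
    user. Any entry that would escape it raises UnsafeEntry.
    """
    if not ntpath.splitdrive(dest_dir)[0] or not ntpath.isabs(dest_dir):
        raise ValueError(f"dest_dir must be absolute and drive-qualified: {dest_dir!r}")
    dest = ntpath.normpath(dest_dir)

    # Archives usually store '/' but Windows accepts '\' as well; fold both so
    # a traversal cannot hide behind the separator the check does not look at.
    name = entry_name.replace("/", "\\").strip()
    if not name:
        raise UnsafeEntry("empty entry name")
    # Rooted, drive-qualified and UNC names must never be honoured.
    if name.startswith("\\") or ntpath.splitdrive(name)[0]:
        raise UnsafeEntry(f"rooted or drive-qualified entry: {entry_name!r}")
    # ':' is not valid in a Windows file name, so reject it outright.
    if ":" in name:
        raise UnsafeEntry(f"colon in entry name: {entry_name!r}")

    # Collapse '.' and '..' and confirm the result still sits under dest.
    candidate = ntpath.normpath(ntpath.join(dest, name))
    try:
        inside = ntpath.commonpath([dest, candidate]) == dest
    except ValueError:  # raised when the two paths are on different drives
        inside = False
    if not inside:
        raise UnsafeEntry(f"entry escapes destination: {entry_name!r} -> {candidate}")
    return candidate


def is_safe(dest_dir: str, entry_name: str) -> bool:
    """Convenience wrapper: True if the entry may be written, False otherwise."""
    try:
        resolve_entry(dest_dir, entry_name)
        return True
    except UnsafeEntry:
        return False


def triage(dest_dir: str, entry_names) -> dict:
    """Map each entry name to its resolved path or to 'REJECTED: <reason>'."""
    out = {}
    for n in entry_names:
        try:
            out[n] = resolve_entry(dest_dir, n)
        except UnsafeEntry as e:
            out[n] = f"REJECTED: {e}"
    return out


# Constructed sample: the user extracts into a folder under Downloads.
DEST = r"C:\Users\alice\Downloads\report"
STARTUP = r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_ENTRIES = [
    "report/summary.pdf",                              # ordinary entry, allowed
    "docs/../notes.txt",                               # '..' that stays inside, allowed
    "../../../../Windows/System32/drivers/etc/hosts",  # climbs out of the folder
    STARTUP + r"\update.exe",                          # would land in the per-user Startup folder
    r"C:\ProgramData\update.exe",                      # drive-qualified
    r"\\attacker\share\payload.exe",                   # UNC path
]

if __name__ == "__main__":
    for entry, verdict in triage(DEST, SAMPLE_ENTRIES).items():
        print(f"{entry!r:70} -> {verdict}")
```

The comparison is done on the fully normalised candidate path rather than on the raw name, which is what defeats mixed separators and `..` sequences buried in the middle of an otherwise harmless-looking entry.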

RomCom, a Russian-aligned hacking group with a history of targeting governments, infrastructure, and non-governmental organizations, has been linked to the exploitation of this vulnerability. This group, also known as Storm-0978, is known for its spear-phishing campaigns, sending targeted emails designed to look legitimate and persuade recipients to open malicious attachments.

In recent months RomCom has broadened its targeting to organizations in the U.S., Europe and elsewhere that are involved in Ukraine-related humanitarian efforts. The group has previously exploited zero-day vulnerabilities in Firefox and Windows, which makes it a capable and persistent threat.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-8088 to its Known Exploited Vulnerabilities Catalog, with a remediation deadline of September 2, 2025 for federal civilian agencies; other organizations are urged to patch on the same timeline.

Protection Measures for Users

To protect against this threat, users are advised to immediately update WinRAR to version 7.13 or later, which contains the patch fixing this vulnerability. Versions before 7.13 remain vulnerable and should be upgraded as soon as possible.

Users should exercise extreme caution with unsolicited or unexpected RAR archives received via email, especially from unknown or suspicious senders. Employing endpoint security solutions capable of detecting malicious archive contents or abnormal extraction behavior can also provide additional protection.

Where administratively possible, consider disabling any automatic extraction of downloaded archives and restricting the locations into which archives can be extracted; extracting untrusted archives into a dedicated empty folder also makes any file that lands elsewhere stand out. Because this flaw is used to plant files in the Windows Startup folder, check that folder for unexpected executables after handling any suspicious archive.
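A quick way to turn the first step above into a check you can run on a fleet, added here as an example (not WinRAR's or ESET's code): parse the installed version string, compare it against 7.13, and on Windows read the version from the uninstall entry the installer writes. The registry key name `WinRAR archiver` and the `DisplayVersion` value are assumptions based on standard installer conventions; portable copies of WinRAR leave no such entry, so the script reports "unknown" rather than "patched" in that case.

```python
"""Added example (not WinRAR's code): decide whether an installed WinRAR build is
at or beyond the fixed release (7.13) and, on Windows, read the installed
version from the uninstall registry entry. The key names below are assumed
from standard installer conventions; confirm them on your own machine."""
import re
import sys

# First release containing the fix for CVE-2025-8088, per the advisory above.
FIXED_RELEASE = (7, 13)

# Assumed locations of the installer's uninstall record (64-bit and 32-bit views).
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver",
)

_VERSION_RE = re.compile(r"\s*(\d+(?:\.\d+)*)\s*(.*)$")


def parse_version(text: str):
    """Split '7.12.0' or '7.13 beta 1' into ((7, 12, 0), is_prerelease)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    prerelease = bool(m.group(2))  # any trailing text ('beta 1') marks a pre-release
    return numbers, prerelease


def is_patched(version: str) -> bool:
    """True if the version is 7.13 or later.

    Pre-release builds labelled 7.13 are conservatively treated as not patched
    (assumption: only the final 7.13 release is known from the advisory to
    contain the fix); later versions are accepted even as betas.
    """
    numbers, prerelease = parse_version(version)
    major_minor = (numbers + (0, 0))[:2]
    if major_minor > FIXED_RELEASE:
        return True
    if major_minor == FIXED_RELEASE:
        return not prerelease
    return False


def installed_winrar_version():
    """Return WinRAR's DisplayVersion from the registry, or None when not on
    Windows or when no uninstall record exists (e.g. a portable copy)."""
    if sys.platform != "win32":
        return None
    import winreg
    for root in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for sub in UNINSTALL_KEYS:
            try:
                with winreg.OpenKey(root, sub) as key:
                    return winreg.QueryValueEx(key, "DisplayVersion")[0]
            except OSError:
                continue  # key or value absent in this hive/view
    return None


def audit(version=None) -> dict:
    """Report the patch status for an explicit version string or the installed one."""
    if version is None:
        version = installed_winrar_version()
    if version is None:
        return {"version": None,
                "status": "unknown (no install record; check Help > About in WinRAR)"}
    status = "patched" if is_patched(version) else "VULNERABLE: update to 7.13 or later"
    return {"version": version, "status": status}


if __name__ == "__main__":
    print(audit())
```

Run it with no arguments on a Windows endpoint to audit the local install; `audit("7.12.0")` lets you feed version strings collected by other means, such as an inventory export.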

In summary, CVE-2025-8088 remains a critical threat actively exploited by advanced attackers. Prompt patching to WinRAR 7.13 combined with vigilant user behavior around archive files is essential to protection.
