WinRAR ADS path-traversal flaw drives ongoing global intrusions

Security researchers warn that WinRAR CVE-2025-8088, a high-severity path-traversal flaw that abuses NTFS Alternate Data Streams (ADS) to drop payloads, remains under active exploitation by both state-backed groups and financially motivated criminals. The exploit chain hides malicious ADS inside decoy files and uses directory traversal to write LNK/HTA/BAT/CMD payloads to locations where they execute at the next login. Actors including RomCom/UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked groups have used it for espionage and malware delivery, while criminals use it to distribute RATs and info-stealers, with working exploits marketed by underground actors. The activity illustrates how quickly exploits become commoditized and underlines the need to patch WinRAR promptly to reduce ongoing risk.
- WinRAR path traversal flaw still exploited by numerous hackers (BleepingComputer)
- WinRAR is being used to launch cyberattacks, a company reveals (TI INSIDE Online)
- Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect (CyberScoop)
- Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 (Google Cloud)
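The two ingredients of the chain described above, a path that climbs out of the extraction directory and an Alternate Data Stream attached to a decoy file, are both visible in an archive's entry names before anything is written to disk. The following Python script is an added example, not WinRAR's code and not a reproduction of the CVE-2025-8088 exploit; it shows the generic pre-extraction checks an archive handler or a triage tool can apply to every entry name, run over a constructed list of sample entries. The function names, the sample entries and the finding labels are all assumptions made for this illustration.

```python
"""Audit archive entry names for path traversal and NTFS Alternate Data Stream
markers before extraction. Added example: generic checks only, not WinRAR's
own logic and not the CVE-2025-8088 exploit."""
import re
from pathlib import PureWindowsPath

# Constructed sample entry names; none are taken from a real archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",             # benign relative path
    "images\\logo.png",            # benign, backslash separator
    "nested/../ok.txt",            # contains '..' but stays inside the root
    "..\\..\\escaped.cmd",         # climbs out of the extraction root
    "report.pdf:hidden.lnk",       # ADS marker: a stream attached to a decoy file
    "C:\\Windows\\Temp\\abs.bat",  # absolute path, ignores the extraction root
]

_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def classify_entry(name: str) -> list[str]:
    """Return the problems found in one archive entry name.

    An empty list means the entry resolves to a plain file under the
    extraction root and carries no stream suffix.
    """
    findings = []

    # ADS check runs on the raw string: on NTFS any colon other than a leading
    # drive-letter colon separates a file name from a stream name, and a
    # traversal sequence may be hidden inside the stream part.
    tail = name[2:] if _DRIVE_RE.match(name) else name
    if ":" in tail:
        findings.append("ads")

    p = PureWindowsPath(name)
    # A drive letter, UNC prefix or leading separator lets the entry pick its own root.
    if p.drive or p.root:
        findings.append("absolute")

    # Walk the relative components; if '..' ever pops past the root, the
    # entry escapes the extraction directory. 'nested/../ok.txt' is fine.
    depth = 0
    for part in p.parts:
        if part == p.anchor or part in (".", ""):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                findings.append("traversal")
                break
        else:
            depth += 1
    return findings


def audit_entries(entries):
    """Map each flagged entry name to its findings; clean entries are omitted."""
    return {name: f for name in entries if (f := classify_entry(name))}


if __name__ == "__main__":
    for entry, problems in audit_entries(SAMPLE_ENTRIES).items():
        print(f"{entry!r}: {', '.join(problems)}")
```

The traversal walk deliberately counts depth rather than string-matching `..`, so a benign `nested/../ok.txt` is not flagged while `..\..\escaped.cmd` is. The ADS test is done on the raw name first because a stream suffix can itself contain separators, and an extractor that only normalises the path component would miss it.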