Russia-linked attackers exploited a high-severity WinRAR vulnerability (CVE-2025-8088) before it was patched, using targeted spearphishing campaigns against European and Canadian companies. The vulnerability is a path-traversal flaw that was exploited via malicious archives containing alternate data streams (ADSes), leading to malware deployment and backdoors such as Mythic, SnipBot, and RustyClaw. Multiple threat groups, including RomCom and Paper Werewolf, have used this zero-day in targeted attacks, highlighting the importance of timely updates and vigilance.
Researchers revealed that the Russian RomCom hacking group exploited a previously unknown WinRAR path traversal vulnerability (CVE-2025-8088) in July 2025 to deliver malware via malicious archives, prompting WinRAR to release a patch. The attack involved hiding malicious files in alternate data streams and executing malware upon archive extraction, with multiple malware families identified. Users are advised to update WinRAR manually, as it lacks an auto-update feature.
The WinRAR utility has released version 7.13 to fix a critical zero-day vulnerability (CVE-2025-8088) actively exploited in the wild, which could allow attackers to execute arbitrary code through malicious archive files. The vulnerability, related to path traversal, has been linked to recent attacks by threat groups like Paper Werewolf, targeting Russian organizations via phishing. Users are urged to update to the latest version immediately to mitigate risks.
A critical security vulnerability in WinRAR for Windows (CVE-2025-8088) allows attackers to craft malicious archive files that place malware in system folders, including startup directories, leading to automatic execution of malicious code at startup. The flaw has been exploited in phishing campaigns by the RomCom cyber-espionage group. Users are urged to update to WinRAR version 7.13 Final manually to patch the vulnerability.
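The four summaries above describe the same abuse pattern: archive entry names that, when used verbatim to build an output path, escape the extraction directory (via `..` segments or absolute paths), name an NTFS alternate data stream (`file:stream`), or land in a Startup folder. The script below is an added example written for this page, not code from any of the reports or from WinRAR; it shows the entry-name checks a mail gateway or endpoint tool can apply before extraction. It uses Python's `zipfile` to build and read a ZIP in memory purely because the standard library has no RAR reader; the checks themselves are on entry names and apply to any format whose names become output paths. All file names in it are constructed samples.

```python
import io
import zipfile

# Constructed sample entry names (not taken from any real campaign).
CLEAN_NAME = "report.pdf"
TRAVERSAL_NAME = (
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/updater.exe"
)
ADS_NAME = "report.pdf:payload.exe"
ABSOLUTE_NAME = "C:\\Users\\Public\\evil.exe"


def classify_entry_name(name: str) -> list[str]:
    """Return the list of risk labels for one archive entry name.

    Labels: 'absolute-path', 'parent-traversal', 'alternate-data-stream',
    'startup-folder'. An empty list means no issue was found.
    """
    findings = []
    # Normalise separators so both Windows- and POSIX-style names are covered.
    rest = name.replace("\\", "/")
    # A drive letter ("C:") or a leading slash makes the name absolute;
    # an extractor that honours it writes outside the chosen directory.
    if len(rest) >= 2 and rest[0].isalpha() and rest[1] == ":":
        findings.append("absolute-path")
        rest = rest[2:]
    elif rest.startswith("/"):
        findings.append("absolute-path")
    parts = rest.split("/")
    # Any ".." segment can walk out of the extraction directory.
    if ".." in parts:
        findings.append("parent-traversal")
    # NTFS alternate data streams are addressed as "file:stream"; a colon in
    # the final path component (after the drive prefix is removed) marks one.
    if ":" in parts[-1]:
        findings.append("alternate-data-stream")
    # Anything destined for a Startup folder runs at next logon.
    if "start menu/programs/startup" in rest.lower():
        findings.append("startup-folder")
    return findings


def scan_archive(data: bytes) -> dict[str, list[str]]:
    """Map every entry name in an in-memory ZIP to its risk labels."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {name: classify_entry_name(name) for name in zf.namelist()}


def safe_to_extract(data: bytes) -> bool:
    """True only if no entry in the archive carries a risk label."""
    return all(not labels for labels in scan_archive(data).values())


def build_sample_archive() -> bytes:
    """Build a constructed ZIP whose entry names exercise each check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CLEAN_NAME, b"benign content")
        zf.writestr(TRAVERSAL_NAME, b"not really an executable")
        zf.writestr(ADS_NAME, b"not really an executable")
        zf.writestr(ABSOLUTE_NAME, b"not really an executable")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    for entry, labels in scan_archive(sample).items():
        print(f"{entry!r}: {labels or 'ok'}")
    print("safe to extract:", safe_to_extract(sample))
```

The gate is deliberately name-based and conservative: a legitimate archive rarely needs `..`, a drive letter, or a colon in a file name, so rejecting the whole archive on the first hit costs little and catches the technique regardless of which payload family is inside. A hardened extractor should additionally resolve each output path and confirm it stays under the destination directory, which is the fix that addresses the path-traversal class itself rather than the names seen so far.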