Introduction
A critical zero-day vulnerability in WinRAR, CVE‑2025‑8088, is being actively exploited. Users are urged to update to WinRAR 7.13 immediately.
What’s the Vulnerability?
- Type: Directory traversal
- Mechanism: Malicious RAR files abuse extraction paths
- Affected: Windows versions of WinRAR, UnRAR.dll, RAR
- Not Affected: Unix and Android versions
- Severity: High (CVSS ~8.8)
Who’s Exploiting It?
- RomCom – Russia-aligned group using RAR archives in phishing campaigns.
- Paper Werewolf (GOFFEE) – Also linked to previous WinRAR CVEs and ongoing campaigns.
Why This Matters
- Enables automatic malware execution by writing files to Startup folders.
- Phishing emails disguised as resumes or reports trick users easily.
- WinRAR has a history of similar vulnerabilities (e.g., CVE‑2023‑38831).
Mitigations & Recommendations
- Update now to WinRAR version 7.13 (manual update required).
- Beware of RAR attachments from unknown sources.
- Use endpoint protection to detect malicious payloads.
- Train users on phishing awareness and safe archive handling.
Key Details Snapshot
| Detail | Description |
|---|---|
| CVE | CVE‑2025‑8088 |
| Risk Type | Path traversal |
| Severity | High (CVSS ~8.8) |
| Impact | Malware execution via Startup folders |
| Affected | WinRAR (Windows), UnRAR.dll |
| Fixed In | WinRAR 7.13 |
| Active Exploitation | Yes |
| Attack Vectors | Phishing with RAR attachments |
