The U.S. Cybersecurity and Infrastructure Safety Company has added this vulnerability to its Identified Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal businesses to use mitigations.
WinRAR has launched model 7.13 to handle a important safety vulnerability that has been actively exploited by cybercriminals, marking one other vital safety incident for the favored file compression software program.
The vulnerability, designated CVE-2025-8088, permits attackers to execute arbitrary code by means of maliciously crafted archive information, prompting fast motion from customers worldwide.
Important Safety Flaw Exploited by Russian Hackers
The newly found vulnerability represents a severe menace to Home windows customers, with safety researchers confirming that it has been exploited in lively campaigns.
CVE-2025-8088 is a path traversal vulnerability that impacts the Home windows variations of WinRAR, UnRAR, and related elements, permitting specifically crafted archives to bypass user-specified extraction paths and write information to unintended places on the file system.
This functionality allows attackers to execute arbitrary code on compromised techniques, making it a very harmful safety flaw.
ESET researchers have linked this vulnerability to exploitation by the Russian RomCom group, which has been focusing on firms throughout Europe and Canada.
The cybersecurity agency’s analysis staff, together with Anton Cherepanov, Peter Košinár, and Peter Strýček, found the vulnerability and reported it to WinRAR builders.
The vulnerability has been assigned a CVSS rating of 8.4, classifying it as HIGH severity, which underscores the important nature of this safety problem.
Technical Particulars and Affected Methods
The listing traversal vulnerability is distinct from a beforehand patched safety flaw that was addressed in WinRAR model 7.12, indicating that this represents a brand new assault vector that required separate remediation. The affected techniques embrace:
WinRAR for Home windows – All desktop installations of the first software program.
RAR and UnRAR command-line utilities – Home windows variations of those instruments.
UnRAR.dll and transportable UnRAR – Dynamic library and standalone variations.
Model vary affected – All WinRAR variations from 0 by means of 7.12.
Unaffected platforms – Linux/Unix builds and RAR for Android stay safe.
The vulnerability impacts all WinRAR variations from 0 by means of 7.12, which means that just about all current installations require fast updating.
The trail traversal mechanism permits malicious archives to flee their supposed extraction directories, probably overwriting system information or putting executable code in places the place it may be mechanically executed by the working system.
The sort of assault can result in full system compromise, knowledge theft, or deployment of further malware payloads.
WinRAR customers should instantly replace to model 7.13, which was launched on July 30, 2025, with up to date launch notes revealed on August 12, 2025.
The replace addresses not solely the important safety vulnerability but additionally fixes a number of bugs from the earlier model, together with points with the “Import settings from file” command and restoration dimension settings for older compression profiles.
The urgency of this replace can’t be overstated, significantly given the confirmed exploitation within the wild. Organizations and particular person customers ought to prioritize this replace throughout all Home windows techniques operating WinRAR.
Past the fast safety repair, WinRAR 7.13 continues to supply superior NTFS options that distinguish it from different compression instruments, together with built-in choices to protect symbolic hyperlinks and archive Alternate Knowledge Streams (ADS).
These capabilities stay invaluable for backup, deployment, and forensic environments, however customers should guarantee they’re operating the most recent safe model to learn from these options safely.
Customers who can’t instantly replace ought to think about discontinuing use of WinRAR till the replace could be utilized, significantly in environments the place untrusted archive information are usually processed.
Uncover full scope of any assault any assault from hidden redirects to payloads in minutes — Strive ANY.RUN free for 14 days.
