Patch Now: New WinRAR Flaw Used to Deliver Malware
A new vulnerability in the popular file-archiving tool WinRAR has been discovered by security researchers, and it's being used to spread malware through phishing emails.
The flaw, identified as CVE-2025-8088, was first reported by BleepingComputer, which revealed that maliciously crafted archive files can exploit this vulnerability. Normally, WinRAR extracts files from an archive to the path the user specifies. Through this flaw, however, a booby-trapped archive can make WinRAR extract data to a path chosen by the attacker instead, which effectively lets the attacker execute rogue code on a victim's machine.
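One way to check entry paths before extraction, as an added example (not WinRAR's code and not from ESET or the original article): the functions below apply Windows path rules to each entry name in an archive listing and flag any that would land outside the folder the user chose. The function names, sample entry names and destination folder are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


def unsafe_reason(entry_name, dest_dir):
    """Return why an entry must not be extracted under dest_dir, or None if safe."""
    name = entry_name.replace("/", "\\")
    if not name.strip("\\. "):
        return "empty or dot-only name"
    if ":" in name:
        # Drive-qualified path (C:\...) or NTFS stream syntax (file:stream).
        return "colon in name"
    if name.startswith("\\"):
        return "absolute or UNC path"
    root = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\") + "\\"
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_dir, name)))
    # After resolving ".." segments the target must still sit below dest_dir.
    if not target.startswith(root):
        return "escapes destination"
    return None


def vet_archive(entry_names, dest_dir):
    """Map each rejected entry name to the reason it was rejected."""
    rejected = {}
    for entry in entry_names:
        reason = unsafe_reason(entry, dest_dir)
        if reason:
            rejected[entry] = reason
    return rejected


# Constructed sample data, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/notes.txt",
    "docs/../readme.txt",             # resolves inside DEST, allowed
    "..\\..\\elsewhere\\file.bin",    # climbs out of DEST
    "a/../../out2/x.txt",             # sibling folder sharing DEST's prefix
    "C:\\Temp\\file.bin",
    "\\\\server\\share\\file.bin",
    "notes.txt:extra",
]

if __name__ == "__main__":
    for entry, reason in vet_archive(SAMPLE_ENTRIES, DEST).items():
        print(f"REJECT {entry!r}: {reason}")
```

An archive with any rejected entry is best quarantined as a whole rather than extracted with the flagged entries skipped.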
Three researchers at antivirus provider ESET discovered the vulnerability and have warned users about the potential risks. According to ESET, the company has observed spearphishing emails with attachments containing RAR files that exploit CVE-2025-8088 to deliver RomCom backdoors. RomCom is a Russia-aligned group known for stealing sensitive data and installing other malicious payloads.
The good news is that WinRAR patched the vulnerability last week with version 7.13 Final, providing users with protection against this new threat. However, the popular file-archiving tool lacks an auto-update mechanism, leaving it up to users to manually download and install the new version to receive protection.
According to the release notes, the problem affects "previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and Unrar.dll." However, Unix versions of RAR, UnRAR, portable UnRAR source code and the UnRAR library, as well as RAR for Android, are not affected.
As a free archive utility, WinRAR has attracted over 500 million users worldwide. This new vulnerability highlights the importance of regular software updates and user vigilance in protecting against malware threats.
In June, WinRAR patched a separate flaw that could also be exploited through booby-trapped archive files. While this new vulnerability is being actively addressed by the company, it serves as a reminder to users to stay informed about security updates and patches for their software.