WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away
Iconic archiving platform WinRAR carried a dangerous zero-day vulnerability which could have let hackers plant malware on compromised computers, security researchers are warning. Researchers from ESET recently discovered a directory traversal vulnerability in what was then the latest version of WinRAR. The flaw is now tracked as CVE-2025-8088 and was given a severity score of 8.4/10 (high), serious enough that users should address it urgently.
The flaw lies in the way WinRAR handles file paths during extraction: a specially crafted archive can make the program write an extracted file to a path chosen by the attacker instead of the directory the user specified. This can lead to the deployment of malware on infected systems, giving hackers full access to the compromised computers. The vulnerability was being abused by hackers in the wild to drop RomCom's malware variants, further highlighting its severity.
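The defensive counterpart to the path-handling problem described above is a containment check that an extractor must perform before writing each entry. The following Python routine is an added illustration, not code from WinRAR, ESET or this article: it treats both slash and backslash as separators, refuses absolute and drive-letter names, normalizes away `..` components, and finally confirms that the resolved path still sits under the user-chosen destination. The entry names in `SAMPLE_ENTRIES` are constructed for the demo and do not come from any real malicious archive.

```python
import os
import posixpath
import re
from typing import List, Tuple

# Constructed sample entry names for the demo; none come from a real archive.
SAMPLE_ENTRIES: List[str] = [
    "report.docx",
    "images/logo.png",
    "docs/../notes.txt",               # normalizes to notes.txt, stays inside
    "../../outside.txt",               # classic parent traversal
    "..\\..\\outside.exe",             # same traversal, Windows separators
    "C:\\Windows\\Temp\\outside.dll",  # absolute drive-letter path
    "/tmp/outside",                    # absolute POSIX path
    "docs/../../outside.txt",          # traversal hidden behind a subdirectory
]

_DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def resolve_entry(dest_root: str, entry_name: str) -> Tuple[str, bool]:
    """Map an archive entry name onto dest_root and decide whether it is safe.

    Returns (resolved_path, is_safe). An entry is unsafe when it is absolute
    (drive letter or leading slash, which also covers UNC '//' names) or when,
    after normalization, it escapes dest_root through '..' components.
    Backslashes are treated as separators because archives written on Windows
    may contain either form.
    """
    name = entry_name.replace("\\", "/")
    if _DRIVE_LETTER.match(name) or name.startswith("/"):
        return entry_name, False
    normalized = posixpath.normpath(name)
    if normalized == ".." or normalized.startswith("../"):
        return entry_name, False
    root = os.path.abspath(dest_root)
    candidate = os.path.abspath(os.path.join(root, *normalized.split("/")))
    # Final containment check on the resolved filesystem path; this catches
    # anything the string-level checks above might have missed.
    is_safe = os.path.commonpath([root, candidate]) == root
    return candidate, is_safe


def audit_entries(dest_root: str, entries: List[str]) -> List[str]:
    """Return the entry names that would be written outside dest_root."""
    return [e for e in entries if not resolve_entry(dest_root, e)[1]]


if __name__ == "__main__":
    for name in SAMPLE_ENTRIES:
        path, ok = resolve_entry("extract_here", name)
        print(f"{'OK  ' if ok else 'DENY'} {name!r} -> {path}")
```

The same `audit_entries` check can be run over the member list of any archive before extraction as a cheap pre-screen: an entry name that fails it should be reported and the archive quarantined rather than silently "fixed", since the name itself is the indicator.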
ESET's researchers said that the flaw was being used in spear phishing attacks by the Russian-speaking threat actor known as RomCom. This group is notorious for running espionage and financially-motivated attacks on government, military, and critical infrastructure organizations. The use of spear phishing in this attack would allow the hackers to target specific individuals or organizations with tailored attacks.
RomCom's tactics have been documented by other security outfits under various monikers, including Storm-0978, Tropical Scorpius, and UNC2596. The group is known for spoofing legitimate software in its attacks, with the RomCom RAT being its flagship malware.
After the discovery of the vulnerability, WinRAR released a patch to fix the flaw. The first fixed version is 7.13, which users can download to protect themselves from this attack.
Patch details and user responsibility
"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," WinRAR explained in its changelog. This means that users who do not update to version 7.13 immediately will remain vulnerable to this attack.
WinRAR does not update itself automatically, so it is up to users to keep the software current: they must manually download and install the latest version to protect themselves from this vulnerability. Note that the changelog also names the Windows versions of RAR, UnRAR and UnRAR.dll, so any third-party tool that bundles those components needs its own update as well.
A call to action
Security researchers are urging users to patch this vulnerability as soon as possible to prevent potential attacks. The longer users wait, the more time hackers have to exploit the flaw and spread malware. Keeping software up to date remains one of the simplest and most effective ways to stay safe online.