New WinRAR Zero-Day PC Vulnerability Exploited by Hackers — What You Need to Know
WinRAR is a widely used file archiver for Windows. A newly discovered zero-day flaw in it, tracked as CVE-2025-8088, has been actively exploited by hackers, according to ESET security researchers. The exploitation has been linked to RomCom, a Russian-aligned hacking group with a history of targeting governments, infrastructure, and non-governmental organizations.
How the WinRAR Zero-Day Vulnerability Works
The flaw lets hackers write files to locations on your computer that they normally could not reach. It is a directory traversal flaw, which means that files in a malicious archive can be extracted outside of the folder you choose. WinRAR versions before 7.13 are affected, with Windows PCs being the primary target.
The exploit lets attackers place files in system paths, including locations that make those files run automatically when the system starts. Once in place, the malicious files can operate silently in the background, allowing hackers to execute commands remotely after a reboot.
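The containment check that a directory traversal flaw bypasses can be written in a few lines. The following is an added example, not WinRAR's code and not a reproduction of CVE-2025-8088: a generic pre-extraction audit that flags entry names resolving outside the chosen folder. The destination path and entry names are constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS


def resolve_entry(dest_dir, entry_name):
    """Absolute Windows path an archive entry would be written to."""
    return ntpath.normpath(ntpath.join(dest_dir, entry_name))


def is_contained(dest_dir, entry_name):
    """True only if the entry resolves to a path inside dest_dir."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    try:
        # Component-wise comparison: a plain startswith() would accept
        # the sibling folder "out-backup" for the destination "out".
        return ntpath.commonpath([dest, target]) == dest
    except ValueError:
        # Different drive, UNC share, or drive-relative path.
        return False


def audit_entries(dest_dir, entry_names):
    """Return the entry names that would escape dest_dir."""
    return [n for n in entry_names if not is_contained(dest_dir, n)]


# Constructed sample data (assumption: not taken from any real archive).
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    r"docs\cv.pdf",              # ordinary entry
    r"docs\..\cv.pdf",           # ".." that still stays inside
    r"..\..\outside.txt",        # climbs out of the folder
    r"..\out-backup\notes.txt",  # sibling sharing a name prefix
    r"C:\Temp\absolute.txt",     # absolute path
    r"D:other.txt",              # drive-relative path
    r"\\server\share\x.txt",     # UNC path
]

if __name__ == "__main__":
    for name in audit_entries(DEST, SAMPLE_ENTRIES):
        print("escapes destination:", name, "->", resolve_entry(DEST, name))
```

Any archive whose listing produces a non-empty result from `audit_entries` should be treated as suspicious and not extracted.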
The Russian-Linked Hacking Group Behind the Attacks
RomCom, also tracked as Storm-0978, is a hacking group with links to Russian cybercrime and cyber-espionage operations. They first appeared in mid-2022, targeting governments, energy, military, and water infrastructure in Ukraine. Since then, they have broadened their focus to include organizations in the U.S., Europe, and other regions involved in Ukraine-related humanitarian efforts.
The group is known for adapting its malware and delivery methods quickly, exploiting any vulnerabilities it can find. They often rely on spear-phishing campaigns, sending targeted emails designed to look legitimate and persuade recipients to open malicious attachments. In the case of CVE-2025-8088, these emails typically carried RAR archives disguised as job applications, government documents, or other official files.
Why You Need to Update Manually
WinRAR doesn't automatically update, so you'll need to install the latest version yourself. The fix for this flaw arrived with version 7.13, and anyone running an older release is still at risk. Updating is quick and straightforward, but it's essential to act now, as attackers are already exploiting the bug.
Keeping WinRAR up to date not only protects you from these known flaws but also reduces the risk of falling victim to future vulnerabilities. It's crucial to stay vigilant and take proactive measures to protect yourself against cyber threats.
Patch Status Update
In recent months, other archive-related vulnerabilities have been discovered, including CVE-2025-6218. While it's essential to keep WinRAR up to date, it's also important to stay informed about the latest patches and updates.
Stay safe online by regularly checking for updates and patching your software promptly. It's always better to err on the side of caution when it comes to cybersecurity.
Protect Yourself
To protect yourself against this vulnerability, follow these steps:
- Update WinRAR to version 7.13 or later immediately.
- Regularly check for updates and patch your software promptly.
- Avoid opening suspicious emails or attachments from unknown sources.
- Use strong passwords and enable two-factor authentication whenever possible.
By taking these simple steps, you can significantly reduce the risk of falling victim to this vulnerability. Stay safe online!