WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware

Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to stay protected. Learn how a Russia-linked group is using this vulnerability and why you must manually update to WinRAR 7.13 now to stay safe.

WinRAR, a popular tool used by millions to manage compressed files, has been found to have a serious security weakness that was being actively exploited by hackers. The flaw, officially named CVE-2025-8088, allowed attackers to trick the program into installing malware on users’ computers without their knowledge. Security researchers at the firm ESET discovered and disclosed the issue, which has since been patched by WinRAR in a new update.

****How the Attack Worked****

The vulnerability is a type of path traversal bug. This means a malicious file could be designed to make WinRAR save a file in a different location than where the user intended, such as the computer’s Startup folder. This enabled attackers to execute their own code.

According to a tweet from CVE (@CVEnew), this vulnerability was exploited to run what’s known as arbitrary code on a victim’s computer. The hackers’ goal was to deliver a malicious software called RomCom backdoor through specially crafted archive files sent in phishing emails.

These deceptive emails tricked people into opening the harmful attachments. For your information, RomCom malware is known for its ability to steal sensitive data and install other harmful programs, creating a serious security risk for anyone affected.

CVE on X

****The Russian Link****

Researchers from ESET, including Anton Cherepanov, Peter Košinár, and Peter Strýček, identified that the group behind this attack is a cyberespionage team suspected of being linked to Russia. This group has been known to carry out similar attacks in the past, targeting users in Europe and North America with different types of malware.

In late 2024, as reported by Hackread.com, they were exposed for exploiting a vulnerability in popular browsers like Mozilla Firefox and Tor Browser, which allowed them to run malicious code just by a user visiting a specific webpage.

Fortunately, there is a simple fix. WinRAR has released an update, version 7.13, which closes this dangerous security loophole. However, WinRAR does not automatically update itself, so it is up to each individual user to take action. To protect yourself from this threat, you must manually download and install the new version of WinRAR. Users who do not update will remain vulnerable to this specific attack.