Overview
- CVE-2025-8088 is a high-severity path traversal flaw in WinRAR that leverages Windows alternate data streams to extract hidden payloads to attacker-defined locations.
- ESET first identified malicious RAR activity on July 18 and notified WinRAR developers on July 24, leading to a beta fix days later and the full 7.13 release on July 30.
- Security firms have published detailed analyses and indicators of compromise showing that Russia-aligned RomCom and Paper Werewolf used the zero-day in targeted spearphishing campaigns.
- Although none of the July targets were successfully breached, exploit code is circulating in underground markets and poses a risk of broader reuse by other actors.
- WinRAR lacks an automatic updater, so users and organizations must manually install version 7.13 and scan for malicious DLLs and LNK files in %TEMP%, %LOCALAPPDATA% and Startup directories.
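
An added example for the scan described in the last bullet (not code from ESET, WinRAR or the original page): it lists .dll and .lnk files created or modified since a cutoff under %TEMP%, %LOCALAPPDATA% and the Startup folders. The function names, the Startup sub-path (the standard Windows location) and the 60-day look-back window are assumptions.

```python
import os
import time
from pathlib import Path

SUSPECT_EXTS = {".dll", ".lnk"}  # file types the overview says to look for
# Assumption: default Windows profile layout for the Startup folders.
STARTUP = "Microsoft/Windows/Start Menu/Programs/Startup"


def default_roots(env=os.environ):
    """Resolve the directories named in the overview from environment variables."""
    roots = [Path(env[v]) for v in ("TEMP", "LOCALAPPDATA") if env.get(v)]
    for v in ("APPDATA", "PROGRAMDATA"):  # per-user and all-users Startup
        if env.get(v):
            roots.append(Path(env[v]) / STARTUP)
    return roots


def find_recent_droppers(roots, since_epoch):
    """Return (path, timestamp) for .dll/.lnk files touched at or after since_epoch."""
    hits, seen = [], set()
    for root in roots:
        # Unreadable or missing directories are skipped instead of aborting the scan.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                p = Path(dirpath) / name
                if p.suffix.lower() not in SUSPECT_EXTS or p in seen:
                    continue  # %TEMP% usually sits inside %LOCALAPPDATA%: no duplicates
                try:
                    st = p.stat()
                except OSError:
                    continue  # file vanished or access denied
                # An extracted file can carry the modification time stored in the
                # archive, so the creation/change time is considered as well.
                stamp = max(st.st_mtime, st.st_ctime)
                if stamp >= since_epoch:
                    seen.add(p)
                    hits.append((str(p), stamp))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    cutoff = time.time() - 60 * 86400  # assumed 60-day look-back window
    for path, stamp in find_recent_droppers(default_roots(), cutoff):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(stamp)), path)
```

Each hit is a candidate for review against the published indicators of compromise, not a verdict; legitimate software also writes DLLs and shortcuts to these locations.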
 
  
  
 