Details emerge on WinRAR zero-day attacks that infected PCs with malware

What’s new: A report has revealed that the Russian hacking group RomCom exploited a zero-day vulnerability in WinRAR, tracked as CVE-2025-8088, to deliver various malware payloads. The vulnerability, a path traversal flaw, was discovered on July 18, 2025, and a patch was released on July 30, 2025. The attacks used malicious RAR archives that hid the malware in alternate data streams, so that it was executed when the archives were opened.

Who’s affected

Users of WinRAR, particularly those who have not updated to version 7.13 or later, are at risk of infection from the exploits leveraging CVE-2025-8088. Organizations relying on WinRAR for archive management are especially vulnerable.

What to do

  • Update WinRAR to version 7.13 or later to mitigate the vulnerability (CVE-2025-8088).
  • Monitor systems for indicators of compromise related to RomCom malware.
  • Educate users about the risks of opening untrusted RAR archives.
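As an added, defender-side example (not code from the report, RomCom, or WinRAR itself), the Python below flags archive entry names that carry the two tricks described above, path traversal components and alternate-data-stream names, and checks a WinRAR version string against the 7.13 fix level. It assumes you already have the entry names from a listing tool such as `unrar l` or an archive library; the sample entry names are constructed for illustration.

```python
import re

# Fix level named in the advisory for CVE-2025-8088.
PATCHED_VERSION = (7, 13)


def is_patched(version):
    """True if a WinRAR version string such as '7.12' or '7.13' is 7.13 or later."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:2])
    return parts >= PATCHED_VERSION


def classify_entry(name):
    """Return a list of reasons an archive entry name looks suspicious ([] = benign).

    Two patterns are checked: path traversal ('..' components or an absolute path,
    which can escape the extraction directory) and an alternate data stream name
    ('file.ext:stream', which lets an archive drop content invisible to a normal
    directory listing on NTFS).
    """
    reasons = []
    n = name.replace("/", "\\")
    if re.match(r"^[A-Za-z]:\\", n) or n.startswith("\\"):
        reasons.append("absolute path")
        n = re.sub(r"^[A-Za-z]:", "", n)  # drop drive letter before the ADS check
    base, sep, stream = n.partition(":")
    if sep:
        reasons.append("alternate data stream %r on %r" % (stream, base))
    for part in (base, stream):
        if ".." in part.split("\\"):
            reasons.append("path traversal in %r" % part)
    return reasons


def scan_archive_entries(names):
    """Map each suspicious entry name to its reasons; benign entries are omitted."""
    findings = {}
    for n in names:
        reasons = classify_entry(n)
        if reasons:
            findings[n] = reasons
    return findings


# Constructed sample listing; not taken from any real RomCom archive.
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs\\readme.txt",
    "invoice.pdf:..\\..\\payload.exe",  # ADS whose stream name climbs out of the target dir
    "..\\..\\payload.exe",
    "C:\\Temp\\payload.exe",
]

if __name__ == "__main__":
    for entry, why in scan_archive_entries(SAMPLE_ENTRIES).items():
        print(entry, "->", "; ".join(why))
```

Feed the function the entry list of any archive received from outside the organization before extraction; a hit on an ADS or traversal name is grounds to quarantine the file rather than open it.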

Sources