WinRAR Hackers Exploit Critical Flaw

A high-severity vulnerability in the widely used archiving tool WinRAR, designated CVE-2025-8088, is currently being exploited by various threat actors. Versions 7.12 and older are affected by this path traversal flaw, which carries a severity score of 8.4 out of 10. Security researchers have confirmed that both state-sponsored entities and financially motivated criminal groups are actively leveraging this vulnerability.

These malicious actors are utilizing WinRAR's Alternate Data Streams (ADS) feature to deploy malware. Google's Threat Intelligence Group observed the earliest signs of this abuse in mid-July 2025. The attackers trick users into opening malicious archives, which then extract hidden payloads to arbitrary locations on target devices. This has been observed in attacks against Ukrainian military units, with groups like RomCom deploying NESTPACKER and other state-sponsored actors dropping POISONIVY malware. Financially motivated groups are also using the flaw to distribute infostealers and RATs like XWorm and AsyncRAT. Users are urged to update to WinRAR version 7.13 or newer to safeguard against these ongoing threats.