Exploitation of WinRAR Vulnerability by Russian Cybercriminals - Safeguard Strategies Discussed
Breaking News: WinRAR Zero-Day Vulnerability Under Active Exploitation
ESET Security Researchers have discovered a high-severity path traversal flaw in WinRAR, tracked as CVE-2025-8088. This vulnerability, currently being actively exploited, allows attackers to place malicious files in system paths, potentially causing harm to computers and allowing automatic execution when the system starts.
The vulnerability, with a CVSS score of 8.4–8.8, affects Windows versions of WinRAR prior to version 7.13 and related components like UnRAR.dll. It has been exploited by the Russian-aligned hacking group RomCom, enabling silent installation and automatic execution on reboot, effectively giving remote code execution capabilities to the attackers.
RomCom, also known as Storm-0978, has leveraged this vulnerability to deliver sophisticated backdoors including SnipBot, RustyClaw, and Mythic Agent. The group, known for its links to Russian cybercrime and cyber-espionage operations, has targeted sectors like financial services, manufacturing, defense, and logistics in Europe and Canada.
The maintainers of WinRAR released the patched version on July 30, 2025, soon after the discovery was reported. Given the flaw is under active exploitation with evidence of it being sold on the dark web for $80,000, the update is critical for all Windows users still running vulnerable versions.
In the case of CVE-2025-8088, these emails typically carried RAR archives disguised as job applications, government documents, or other official files. The flaw allows hackers to place files on a computer in locations they typically find difficult to access, a process known as a directory traversal flaw. Malicious files can operate silently in the background, allowing hackers to execute commands remotely after a reboot.
To mitigate ongoing risks from this serious vulnerability actively weaponized by a highly capable APT group linked to Russia, users are advised to:
- Update WinRAR immediately to version 7.13 or later.
- If possible, audit your network for vulnerable WinRAR installations using security intelligence tools such as OPENVAS or Qualys.
- Monitor for suspicious activity related to RomCom TTPs (tools, techniques, and procedures).
- Maintain vigilance given this is a zero-day that has already led to active attacks, including stealthy backdoors.
Non-Windows versions of WinRAR and UnRAR are not affected by this vulnerability. It's also worth noting that WinRAR doesn't automatically update, so users need to install the latest version manually.
Since the emergence of RomCom in mid-2022, targeting governments, energy, military, and water infrastructure in Ukraine, the group has broadened its focus to include organizations in the U.S., Europe, and other regions involved in Ukraine-related humanitarian efforts.
This is not the first time WinRAR has been targeted. Earlier in the year, another vulnerability, CVE-2025-31334, was discovered, which affected versions prior to 7.11 and allowed attackers to bypass Windows Mark of the Web security warning function.
In conclusion, timely patching is essential to mitigate ongoing risks from this serious vulnerability actively weaponized by a highly capable APT group linked to Russia. Stay safe and keep your systems updated.
- To protect your PC from potential harm and ensure cybersecurity, immediately update WinRAR to version 7.13 or later on your Windows system.
- For additional protection, consider auditing your network for any vulnerable WinRAR installations using tools like OPENVAS or Qualys.
- Regularly monitor your system for suspicious activities related to RomCom's tools, techniques, and procedures (TTPs).
- Given the zero-day nature of this vulnerability, maintain a heightened level of vigilance, as active attacks, including stealthy backdoors, have already been reported.
- It's worth noting that Microsoft 365 and Xbox users can also benefit from the importance of software updates, as they help maintain technology's vital aspects like security, performance, and compatibility, just like the need for updating WinRAR for PC gaming enthusiasts on Windows.
