WinRAR has released version 7.13 to fix a critical security flaw that has been actively exploited by cybercriminals, marking another major security incident for the widely used file compression application.
The vulnerability, identified as CVE-2025-8088, allows attackers to execute arbitrary code through maliciously crafted archive files, requiring prompt action from users worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a deadline of September 2, 2025, for federal agencies to implement mitigations.
Severe Security Vulnerability Exploited by Russian Hackers
The newly disclosed vulnerability poses a significant threat to Windows users, with security analysts confirming its exploitation in ongoing campaigns.
CVE-2025-8088 is a path traversal vulnerability affecting the Windows versions of WinRAR, UnRAR, and related components. It lets specially crafted archives bypass the user-specified extraction path and write files to unintended directories on the file system.
This allows attackers to execute arbitrary code on compromised systems, which makes it a particularly dangerous security defect.
ESET researchers have linked exploitation of this vulnerability to the Russian RomCom group, which has been targeting enterprises across Europe and Canada.
The cybersecurity firm’s research team, comprising Anton Cherepanov, Peter Košinár, and Peter Strýček, discovered the vulnerability and reported it to the WinRAR developers.
The vulnerability has been assigned a CVSS score of 8.4, categorizing it as HIGH severity, which underlines the urgency of the issue.
Technical Specifications and Affected Platforms
The directory traversal vulnerability is distinct from a previously patched security issue that was resolved in WinRAR version 7.12, so it is a new attack vector that required a separate fix. The affected components are:
- WinRAR for Windows – All desktop installations of the core software.
- RAR and UnRAR command-line utilities – Windows versions of these applications.
- UnRAR.dll and portable UnRAR – Dynamic library and standalone variants.
- Version range impacted – All WinRAR versions from 0 through 7.12.
- Unaffected platforms – Linux/Unix builds and RAR for Android remain secure.
The vulnerability affects all WinRAR versions from 0 through 7.12, meaning that nearly all existing installations require urgent updates.
The path traversal mechanism lets malicious archives escape their designated extraction directory, potentially overwriting system files or placing executable code in locations where the operating system will run it automatically.
This kind of attack may lead to total system compromise, data theft, or deployment of additional malware payloads.
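The containment check that this class of bug bypasses can be shown in a short Python example, added here for illustration; it is not code from WinRAR, ESET, or the original article. It validates archive entry names against the chosen extraction directory using Windows path rules. The function names, the sample directory, and the sample entries are assumptions constructed for the example.

```python
import ntpath  # Windows path semantics, so the check runs on any OS


def resolve_entry(dest_root, entry_name):
    """Return the absolute path an archive entry would be written to.

    Raises ValueError when the entry would land outside dest_root.
    """
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        raise ValueError("absolute, drive-qualified or UNC path")
    if ":" in name:
        # Conservative: a colon inside a relative Windows path names a
        # stream or device rather than a plain file.
        raise ValueError("colon in entry name")
    root = ntpath.normpath(dest_root)
    # normpath collapses "..", so target is where the write would really go.
    target = ntpath.normpath(ntpath.join(root, name))
    common = ntpath.commonpath([root, target])
    if ntpath.normcase(common) != ntpath.normcase(root):
        raise ValueError("escapes extraction directory")
    return target


def audit_listing(dest_root, entry_names):
    """Return (entry, reason) for every entry that must not be extracted."""
    rejected = []
    for entry in entry_names:
        try:
            resolve_entry(dest_root, entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return rejected


# Constructed sample listing, not taken from any real archive.
SAMPLE_ROOT = r"C:\Users\analyst\Downloads\unpacked"
SAMPLE_ENTRIES = [
    "docs/report.pdf",
    r"docs\..\notes.txt",            # stays inside the root once collapsed
    r"..\..\outside\dropped.exe",    # climbs out of the root with ".."
    r"C:\Windows\Temp\dropped.dll",  # absolute path
    r"\\server\share\dropped.dll",   # UNC path
    "readme.txt:hidden",             # stream suffix
]

if __name__ == "__main__":
    for entry, reason in audit_listing(SAMPLE_ROOT, SAMPLE_ENTRIES):
        print(f"REJECT {entry!r}: {reason}")
```

The check covers entry names only; link entries inside an archive need separate handling by the extractor.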
WinRAR users should upgrade immediately to version 7.13, which was released on July 30, 2025, with revised release notes published on August 12, 2025.
The update not only addresses the critical security vulnerability but also fixes several bugs from the previous version, including issues with the “Import settings from file” command and recovery size settings for older compression profiles.
The importance of this update cannot be overstated, particularly given the confirmed exploitation in real-world attacks. Organizations and individual users should prioritize this update across all Windows systems running WinRAR.
Beyond the immediate security patch, WinRAR 7.13 retains the advanced NTFS features that set it apart from other compression tools, including built-in options to preserve symbolic links and archive Alternate Data Streams (ADS).
These features remain useful in backup, deployment, and forensic environments; however, users must make sure they are running the most recent secure version to use them safely.
Users unable to update immediately should consider not using WinRAR until the update can be applied, especially in settings where untrusted archive files are frequently processed.