Details emerge on WinRAR zero-day attacks that infected PCs with malware

What’s new
A zero-day vulnerability in WinRAR, tracked as CVE-2025-8088, has been exploited by the Russian hacking group RomCom to deliver malware. The vulnerability, a path traversal flaw, was discovered by ESET on July 18, 2025, and a patch was released on July 30, 2025. Malicious RAR files utilize alternate data streams to hide payloads that execute upon opening the archive.
Who’s affected
Organizations and users relying on WinRAR for file management are at risk, particularly those who have not updated to version 7.13 or later, which contains the fix for CVE-2025-8088.
What to do
- Update WinRAR to version 7.13 or later immediately to mitigate the vulnerability.
- Monitor systems for indicators of compromise related to RomCom malware, including Mythic Agent, SnipBot, and MeltingClaw.
- Review and restrict the use of RAR files from untrusted sources.
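
To verify the first step on a Windows host, the following added example (not from the original article or from WinRAR's vendor) lists registered WinRAR installs and flags any older than 7.13. It assumes the uninstall entry's display name starts with "WinRAR" and that its DisplayVersion begins with a dotted number; copies unpacked without an installer are not registered and need a separate file search.

```powershell
# Added example: audit this host for WinRAR installs older than 7.13,
# the release the advisory names as containing the CVE-2025-8088 fix.
$fixed = [version]'7.13'

# Standard per-machine (64-bit and 32-bit view) and per-user uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Keep only the leading dotted number, e.g. "7.13.0" -> 7.13.0, "7.12 beta 1" -> 7.12.
    # Comparing as [version] avoids string-ordering mistakes such as "7.9" sorting after "7.13".
    if ($Text -match '^\s*(\d+(?:\.\d+){1,3})') { return [version]$Matches[1] }
    return $null   # unparseable: reported as UNKNOWN for manual review
}

$findings = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |   # assumption: display name starts with "WinRAR"
    ForEach-Object {
        $v = ConvertTo-ComparableVersion $_.DisplayVersion
        [pscustomobject]@{
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Location = $_.InstallLocation
            Status   = if (-not $v) { 'UNKNOWN' }
                       elseif ($v -lt $fixed) { 'VULNERABLE' }
                       else { 'OK' }
        }
    }

if (-not $findings) {
    Write-Output 'No WinRAR install is registered on this host.'
} else {
    $findings | Format-Table -AutoSize
    $needsAction = @($findings | Where-Object { $_.Status -ne 'OK' })
    Write-Output ("{0} install(s) need updating or manual review." -f $needsAction.Count)
}
```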