WinRAR Fixed A Zero-Day Flaw Exploited By RomCom

The widely used file compression software WinRAR recently faced a critical zero-day vulnerability that enabled code execution attacks. WinRAR has since released a patch for the flaw, but before that fix was available, cybercriminals exploited the vulnerability to distribute RomCom malware through maliciously crafted archive files.

RomCom Malware Leveraged WinRAR Zero-Day Vulnerability

Security researchers at ESET uncovered a zero-day vulnerability in WinRAR that could potentially lead to code execution. This vulnerability, identified as CVE-2025-8088, was a path traversal flaw affecting the Windows version of WinRAR.

WinRAR described the vulnerability as follows:

Previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code, and UnRAR.dll could be manipulated to use a path specified in a specially crafted archive instead of the user-defined path when extracting a file.

It’s important to note that this vulnerability does not impact Unix and Android versions of RAR software.

Unix versions of RAR, UnRAR, portable UnRAR source code, as well as RAR for Android, remain unaffected by this vulnerability.
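The flaw described above is a path traversal during extraction: an entry name inside the archive steers the output file outside the directory the user chose. The check below is an added example written for this article (it is not WinRAR's code and is not taken from the ESET or BleepingComputer reports); it shows how an extraction routine can validate each entry name against the user-selected destination before writing anything. The destination path and the sample entry names are constructed for illustration.

```python
import os
import ntpath
from typing import Iterable, List, Tuple


def normalize_entry(name: str) -> str:
    """Treat backslashes as separators, since Windows extraction tools accept both."""
    return name.replace("\\", "/")


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """Return True only if writing entry_name under dest_dir stays inside dest_dir.

    Rejects empty names, absolute paths, UNC paths, drive-letter prefixes and any
    name whose resolved form (after '..' components) escapes the destination.
    """
    name = normalize_entry(entry_name)
    if not name:
        return False
    # Absolute ("/x"), UNC ("//server/share") and drive-letter ("C:/x") names
    # would ignore the user-defined destination entirely.
    if name.startswith("/") or ntpath.splitdrive(name)[0]:
        return False
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, name))
    # The resolved target must be the destination itself or lie strictly below it.
    return target == dest_real or target.startswith(dest_real + os.sep)


def triage_entries(dest_dir: str, names: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split archive entry names into (safe, rejected) for the given destination."""
    safe: List[str] = []
    rejected: List[str] = []
    for name in names:
        (safe if is_safe_entry(dest_dir, name) else rejected).append(name)
    return safe, rejected


# Constructed sample entry names, as an extractor would read them from an archive.
SAMPLE_ENTRIES = [
    "docs/report.pdf",            # ordinary relative path: allowed
    "docs/../notes.txt",          # '..' that still resolves inside the destination: allowed
    "../../outside.txt",          # climbs above the destination: rejected
    "a\\..\\..\\b.txt",           # same escape using backslashes: rejected
    "/absolute.txt",              # absolute path: rejected
    "C:\\outside.txt",            # drive-letter prefix: rejected
    "\\\\server\\share\\x.txt",   # UNC path: rejected
]

if __name__ == "__main__":
    # Destination directory chosen by the user (constructed; need not exist for the check).
    safe, rejected = triage_entries("/tmp/extract", SAMPLE_ENTRIES)
    print("safe:    ", safe)
    print("rejected:", rejected)
```

The check resolves both the destination and the candidate target with `os.path.realpath` and then compares prefixes with a trailing separator, so a destination named `/tmp/extract` does not accidentally accept a target under `/tmp/extract2`. Rejecting an entry should abort or quarantine the archive rather than silently skipping the entry, since a single traversal entry is a strong signal that the archive was crafted.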

According to findings by BleepingComputer, ESET researchers observed threat actors exploiting this vulnerability to deploy the RomCom backdoor through phishing attacks using malicious RAR files sent via email.

RomCom is a Russian cyber threat group known for carrying out espionage and targeted attacks against various organizations. This group has previously exploited zero-day vulnerabilities, including a Microsoft zero-day in 2023 targeting the NATO Summit. The recent exploitation of the WinRAR zero-day for their malware campaign further highlights the sophistication of these threat actors.

WinRAR Releases Patch for the Vulnerability – Update Your Systems Immediately

Following the disclosure by researchers, WinRAR promptly addressed the vulnerability by releasing the fix in WinRAR version 7.13. This update not only addresses the security issue but also includes fixes for other bugs.

Given the severity of the zero-day vulnerability and the importance of bug fixes, it is imperative for WinRAR users to update their systems promptly to mitigate any potential risks.

Furthermore, organizations should remain vigilant against phishing and spearphishing attempts. Regular employee training sessions on cybersecurity awareness can help prevent threats arising from malicious file interactions.

We invite you to share your thoughts and insights in the comments section below.