Critical WinRAR Vulnerability Exploited: Users Urged to Update to Version 7.13 Amid Cyberattack Fears
August 11, 2025
A critical zero-day vulnerability in WinRAR, tracked as CVE-2025-8088 with a CVSS score of 8.8, has been discovered and is currently being exploited, prompting users to update to version 7.13 released on August 9, 2025.
This vulnerability, classified as a 'Path Traversal' issue, allows attackers to manipulate archive files, tricking WinRAR into saving malicious files in unintended locations, which can lead to arbitrary code execution.
By exploiting this flaw, attackers can execute malicious code automatically upon user login, effectively granting them remote access to the compromised system.
This incident follows a similar vulnerability addressed earlier in 2025 (CVE-2025-6218) in version 7.12, highlighting ongoing security concerns with WinRAR.
Users are advised to manually update to version 7.13, as WinRAR does not have an automatic update feature, to mitigate the risks associated with this security flaw.
ESET researchers have reported that spearphishing emails containing RAR attachments have been exploiting this vulnerability to install 'RomCom' backdoors, linked to a Russian cyber gang known for ransomware and data theft.
The RomCom group, suspected to be behind these attacks, utilizes a Remote Access Trojan (RAT) that has been active since at least 2022.
This cyberespionage group has a history of similar exploits, previously targeting users through vulnerabilities in browsers like Mozilla Firefox and Tor Browser.
While it remains unclear how the vulnerability is being exploited in real-world scenarios, past incidents suggest that multiple threat actors, including those from China and Russia, have taken advantage of WinRAR vulnerabilities.
The attacks typically involve extracting files to sensitive locations, such as the Windows Startup folder, enabling code execution upon system login.
ESET researchers Anton Cherepanov, Peter Kosinar, and Peter Strycek highlighted that previous versions of WinRAR can be tricked into using incorrect paths during file extraction, further exacerbating the issue.
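The path check that this class of flaw bypasses, written out as an added example (not code from WinRAR, ESET or the cited sources): it resolves each archive entry name against the intended extraction folder under Windows path rules and flags entries that would land outside it or inside a Startup folder. The folder paths, entry names, function names and the Startup marker string are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed marker: tail shared by the per-user and all-users Startup folders.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def resolve_entry(dest_dir, entry_name):
    """Return the normalized Windows path an entry would be written to."""
    name = entry_name.replace("/", "\\")
    # ntpath.join drops dest_dir when name is absolute, so absolute entry
    # names resolve to themselves and fail the containment check below.
    return ntpath.normpath(ntpath.join(dest_dir, name))


def check_entry(dest_dir, entry_name):
    """Return findings for one entry; an empty list means it looks safe."""
    root = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    findings = []
    if target != root and not target.startswith(root + "\\"):
        findings.append("escapes-destination")
    if STARTUP_MARKER in target:
        findings.append("startup-folder")
    return findings


def scan(dest_dir, entry_names):
    """Map each suspicious entry name to its findings."""
    report = {}
    for name in entry_names:
        findings = check_entry(dest_dir, name)
        if findings:
            report[name] = findings
    return report


# Constructed sample data, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\invoice"
ENTRIES = [
    "invoice.pdf",
    "docs/readme.txt",
    r"..\notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\run.bat",
]

if __name__ == "__main__":
    for name, findings in scan(DEST, ENTRIES).items():
        print(f"{name}: {', '.join(findings)}")
```

The same comparison can be run over the entry listing of a received archive before extraction, or over file-creation telemetry from an archiver process, to spot writes that leave the chosen destination.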
Affected versions include older releases of RAR, UnRAR, and related components, while Unix and Android versions are not impacted.
Summary based on 4 sources
Sources

The Hacker News • Aug 11, 2025
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto • Aug 9, 2025
WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware