Exploitation of a WinRAR Vulnerability by Russian Cybercriminals - Safety Measures to Implement
Breaking News: Critical WinRAR Vulnerability Actively Exploited by Russian-aligned Hacking Group
A zero-day vulnerability in WinRAR, known as CVE-2025-8088, has been discovered and is currently being actively exploited by the Russian-aligned hacking group RomCom. This critical directory traversal vulnerability affects Windows versions of WinRAR up to version 7.12, allowing attackers to execute arbitrary code on targeted systems.
The latest recommended version to avoid active exploitation of this vulnerability is WinRAR version 7.13, which was released on July 30, 2025. This version contains the security patch that fixes the path traversal flaw exploited in the wild.
RomCom, also known as Storm-0978, is a hacking group linked to Russian cybercrime and cyber-espionage operations. The group has a history of targeting governments, infrastructure, and non-governmental organizations. They often rely on spear-phishing campaigns, sending targeted emails designed to look legitimate and persuade recipients to open malicious attachments.
In the case of CVE-2025-8088, these emails typically carried RAR archives disguised as job applications, government documents, or other official files. When a vulnerable WinRAR extracts such an archive, the path traversal flaw lets the attacker write files to locations of their choosing rather than into the folder the user selected, including locations that cause those files to run automatically when the system starts. These malicious files can operate silently in the background, allowing the attackers to execute commands remotely after a reboot.
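The defensive check below is an added example and is not code from the article or from WinRAR. It illustrates the class of problem the flaw belongs to: an archive entry name should never be allowed to resolve outside the chosen extraction directory. The entry names are constructed sample data; in a real tool they would come from listing the archive (for example with the third-party `rarfile` package, an assumption, not used here so the example runs offline). The function applies Windows path rules on any host, rejecting rooted, UNC and drive-qualified names, parent-directory escapes, and colon-bearing components (drive or NTFS alternate data stream syntax).

```python
"""Pre-extraction path audit for archive entries (added example, not from the article)."""
import re
from dataclasses import dataclass

_SEP = re.compile(r"[\\/]+")          # archives may use either separator
_DRIVE = re.compile(r"^[A-Za-z]:")     # C:\... or drive-relative C:foo


@dataclass(frozen=True)
class Verdict:
    entry: str
    safe: bool
    reason: str
    resolved: str  # normalized relative path when safe, otherwise ""


def check_entry(entry: str) -> Verdict:
    """Decide whether an entry name stays inside the extraction directory."""
    # Rooted (\foo, /foo) and UNC (\\server\share) names ignore the target dir
    if entry.startswith(("\\", "/")):
        return Verdict(entry, False, "absolute or UNC path", "")
    if _DRIVE.match(entry):
        return Verdict(entry, False, "drive-qualified path", "")
    stack = []
    for part in _SEP.split(entry):
        if part in ("", "."):
            continue                                    # redundant separators, current dir
        if part == "..":
            if not stack:                               # popping past the root = escape
                return Verdict(entry, False, "parent traversal escapes extraction dir", "")
            stack.pop()
            continue
        if ":" in part:                                 # drive letter or NTFS data stream
            return Verdict(entry, False, "colon in component (drive or data stream)", "")
        stack.append(part)
    if not stack:
        return Verdict(entry, False, "empty path", "")
    return Verdict(entry, True, "ok", "/".join(stack))


def audit(entries):
    """Run check_entry over every name in an archive listing."""
    return [check_entry(e) for e in entries]


# Constructed sample listing, not taken from any real archive
SAMPLE_ENTRIES = [
    "application/cv_2025.pdf",          # clean
    "application/./cover_letter.docx",  # clean after normalization
    "..\\..\\dropped.exe",              # escapes via parent traversal
    "C:\\Windows\\Temp\\payload.dll",   # absolute drive path
    "\\\\share\\public\\note.txt",      # UNC path
    "notes.txt:hidden",                 # alternate data stream syntax
]

if __name__ == "__main__":
    for v in audit(SAMPLE_ENTRIES):
        status = "OK     " if v.safe else "REJECT "
        print(f"{status} {v.entry!r}: {v.reason}")
```

Running the block prints one verdict per entry; four of the six constructed names are rejected. A wrapper around a real extractor would refuse the whole archive, not just the offending entry, since a single escaping name is enough to indicate a crafted archive.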
RomCom has used this vulnerability to deliver spyware and other malicious programs, including SnipBot, RustyClaw, and Mythic Agent. The group has since broadened its focus to include organizations in the U.S., Europe, and other regions involved in Ukraine-related humanitarian efforts.
It's essential for users to update immediately to WinRAR 7.13 to mitigate this high-severity issue and protect their systems from remote code execution attempts via malicious archive files. Unfortunately, WinRAR doesn't automatically update, so users need to install the latest version manually.
This is not the first time archive-related vulnerabilities have been discovered. Recent months have seen other such vulnerabilities, including CVE-2025-6218. As always, it's crucial to keep software up-to-date to ensure the best possible protection against cyber threats.