WinRAR Fixed A Zero-Day Flaw Exploited By RomCom

The popular file archiving tool WinRAR had a serious zero-day vulnerability that exposed Windows systems to code execution attacks. WinRAR has now patched the flaw, but it was exploited in the wild before the fix was available, with maliciously crafted archive files used to deliver RomCom malware.

RomCom Exploited WinRAR Zero-Day Flaw

ESET security researchers discovered a zero-day flaw in the WinRAR file archiving tool that could lead to code execution. Specifically, it was a path traversal vulnerability affecting WinRAR for Windows: a crafted archive could dictate where an extracted file is written instead of the folder the user chose. That is how a path traversal in an extractor becomes code execution, since a file dropped into a location such as the user's Startup folder runs at the next logon.

Identified as CVE-2025-8088, the vulnerability received a high severity rating with a CVSS score of 8.4. WinRAR's release notes describe it as follows:

When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path.

WinRAR also confirmed that the vulnerability does not affect the Unix and Android versions:

Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, as well as RAR for Android, are not affected.
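To make the behaviour WinRAR describes concrete, here is an added example (not WinRAR's, ESET's or any vendor's code) of the check a hardened extractor performs before writing an entry: the naive pattern that trusts the path stored in the archive, beside a version that refuses anything resolving outside the chosen destination. The entry names, the destination directory and the user name "victim" are constructed for illustration; the Startup-folder entry shows the shape of path that turns a traversal into code execution.

```python
"""Archive-entry path validation: the check a hardened extractor performs.

Added example, not WinRAR's, ESET's or anyone else's production code.
Entry names and the destination directory are constructed for illustration.
"""
import os


def naive_target(dest: str, entry_name: str) -> str:
    """The vulnerable pattern: trust the path stored in the archive.

    Joins the archive's entry name onto the destination and returns where
    the file would be written.  '..' components or an absolute path make
    the result land outside dest; that is the path traversal.
    """
    name = entry_name.replace("\\", "/")
    return os.path.normpath(os.path.join(dest, name))


def safe_target(dest: str, entry_name: str) -> str:
    """Hardened: compute the target path and refuse anything outside dest.

    Raises ValueError rather than silently rewriting the path, so the
    caller can abort the whole extraction and flag the archive.
    """
    if not entry_name or entry_name != entry_name.strip():
        raise ValueError(f"empty or whitespace-padded entry name {entry_name!r}")
    # Treat backslash and slash alike: a Windows target honours both.
    name = entry_name.replace("\\", "/")
    # Absolute paths, drive letters ("C:") and NTFS alternate data streams
    # ("file.txt:stream") have no business in a portable entry name.
    if name.startswith("/") or ":" in name:
        raise ValueError(f"absolute, drive-qualified or stream path {entry_name!r}")
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("empty entry name after normalisation")
    if ".." in parts:
        raise ValueError(f"parent-directory component in {entry_name!r}")
    # Final containment check on the resolved path.  realpath also follows
    # symlinks, so a link planted by an earlier entry cannot redirect this one.
    dest_real = os.path.realpath(dest)
    candidate = os.path.realpath(os.path.join(dest_real, *parts))
    if os.path.commonpath([dest_real, candidate]) != dest_real:
        raise ValueError(f"{entry_name!r} resolves outside {dest}")
    return candidate


def triage(dest: str, entry_names: list) -> dict:
    """Map each entry name to 'ok' or 'rejected: <reason>'."""
    verdicts = {}
    for name in entry_names:
        try:
            safe_target(dest, name)
            verdicts[name] = "ok"
        except ValueError as exc:
            verdicts[name] = f"rejected: {exc}"
    return verdicts


# Constructed sample: one benign entry plus shapes a crafted archive might
# carry.  The Startup-folder entry is the classic way a dropped file gets
# executed at the victim's next logon (hypothetical user name "victim").
SAMPLE_ENTRIES = [
    "report/q3.pdf",
    "../../Users/victim/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.exe",
    "..\\..\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.exe",
    "C:\\Windows\\Temp\\payload.exe",
    "/etc/cron.d/job",
    "notes.txt:hidden",
]

if __name__ == "__main__":
    dest = os.path.join(os.getcwd(), "extract_out")
    for name, verdict in triage(dest, SAMPLE_ENTRIES).items():
        print(f"{name}\n  hardened: {verdict}\n  naive   : {naive_target(dest, name)}")
```

The lexical checks (absolute prefix, colon, ".." component) catch the crafted names up front, and the realpath containment check is the backstop that still holds if an earlier entry planted a symlink inside the destination. Rejecting with an exception rather than rewriting the path matters: an extractor that quietly "fixes" a traversing name still tells the user nothing about a hostile archive.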

According to BleepingComputer, ESET researchers found this vulnerability under active attack to deliver the RomCom backdoor: the threat actors sent maliciously crafted RAR files as attachments in spearphishing emails.

RomCom is a Russia-aligned threat actor group known for espionage and targeted attacks against organizations. The group recently made the news when ESET researchers observed it exploiting two zero-day vulnerabilities to deliver backdoors, and in 2023 it exploited a Microsoft zero-day in a campaign targeting the NATO Summit. The WinRAR zero-day is the latest addition to that list.

WinRAR Patched The Vulnerability – Update Your Systems Now!

Following the researchers' report, WinRAR addressed the flaw in WinRAR version 7.13. The same release also fixes a number of non-security bugs. Note that WinRAR has no automatic update mechanism, so the new version has to be downloaded and installed manually, and since UnRAR.dll is affected as well, third-party software that bundles it needs its own update from that software's vendor.

Given the severity of the zero-day and the fact that it is already being exploited, WinRAR users should update to the latest release without delay. Help > About WinRAR shows the installed version; any Windows version below 7.13 is vulnerable.

In addition, stay wary of phishing and spearphishing. Organizations should run regular awareness sessions so that employees treat unsolicited archive attachments with suspicion rather than opening them.
