Critical WinRAR Flaw (CVE-2025-8088) Exploited in the Wild, Patch Released

The developers of the popular archiving program WinRAR have closed a critical vulnerability that attackers were already actively exploiting. The flaw made it possible to inject foreign code into a system.
Code injection
The vulnerability, tracked as CVE-2025-8088 with a CVSS score of 8.8, affects the Windows version of the software. Attackers can use crafted archive files to execute arbitrary code when the archive is unpacked. This was made possible by a so-called path traversal, in which a manipulated path caused the program to place files outside the intended target folder.
The problem was discovered by security experts from ESET: Anton Cherepanov, Peter Kosinar and Peter Strycek. The flaw was already fixed in WinRAR version 7.13, released on July 31, 2025, but at that point details of the specific underlying problem were still withheld so as not to tip off other criminals before many installations had been updated. Previous versions, including RAR, UnRAR, UnRAR.dll and the portable UnRAR source code, are vulnerable.
How exactly the vulnerability is exploited in real attacks is still officially unclear. However, there are indications that the Russian hacker group “Paper Werewolf” has abused both CVE-2025-8088 and another WinRAR flaw (CVE-2025-6218). The latter was closed in June 2025. Both flaws allow files to be written to sensitive system directories such as the Windows Startup folder, a gateway for malware that is then executed automatically the next time the system starts.
As early as July 7, 2025, a cybercriminal using the pseudonym “Zeroplayer” is said to have offered an alleged WinRAR zero-day for $80,000 on the Russian-language darknet forum Exploit.in. It is believed that Paper Werewolf acquired this exploit and used it for targeted attacks.
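The containment check that a path traversal defeats can be run over an archive's entry names before anything is unpacked. The following is an added example, not part of the original article and not WinRAR's code; the destination folder, the entry names and the Startup-folder match are constructed assumptions.

```python
import ntpath  # Windows path rules, importable on any OS

# Assumption: a path containing this fragment is treated as a Startup folder.
STARTUP_FRAGMENT = ntpath.normcase(r"\Start Menu\Programs\Startup")

# Constructed sample data, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\out"
ENTRIES = [
    r"docs\report.pdf",
    r"docs\..\readme.txt",  # stays inside after normalisation
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.lnk",
    r"..\out_backup\notes.txt",  # sibling folder sharing the name prefix
    r"C:\Windows\Temp\a.dll",  # absolute path replaces the destination
    "/ProgramData/b.txt",  # rooted path with forward slashes
]


def resolve_entry(dest_dir, entry_name):
    """Absolute Windows path a naive extractor would write this entry to."""
    name = entry_name.replace("/", "\\")
    # ntpath.join drops dest_dir when name is rooted or carries a drive.
    return ntpath.normpath(ntpath.join(dest_dir, name))


def is_contained(dest_dir, entry_name):
    """True only if the resolved path stays under dest_dir."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir))
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    try:
        # Component-wise comparison, so "out_backup" does not match "out".
        return ntpath.commonpath([dest, target]) == dest
    except ValueError:  # different drive or UNC share
        return False


def audit(dest_dir, entry_names):
    """Return (entry, resolved_path, reason) for every escaping entry."""
    findings = []
    for name in entry_names:
        if is_contained(dest_dir, name):
            continue
        target = resolve_entry(dest_dir, name)
        hit = STARTUP_FRAGMENT in ntpath.normcase(target)
        findings.append((name, target, "startup-folder" if hit else "outside-destination"))
    return findings


if __name__ == "__main__":
    for entry, target, reason in audit(DEST, ENTRIES):
        print(f"{reason:20} {entry} -> {target}")
```

An extraction pipeline would reject the whole archive as soon as `audit` returns any finding, rather than skipping only the flagged entries.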
Attacks in Russia
According to a report by the security company BI.Zone, Russian organizations were attacked with phishing emails in July 2025. The attached archives triggered the vulnerabilities when opened, installed malicious code and showed the victims harmless documents as a distraction. One of the malicious components that was loaded was a loader written in C#, which sent system information to an external server and loaded further malware.
At the same time, the competitor 7-Zip also reported the fix of a vulnerability (CVE-2025-55188, CVSS 2.7) that could lead to unauthorized file overwrites through unsafe handling of symbolic links during extraction. Unix systems are particularly at risk, but under certain conditions Windows computers can also be attacked. WinRAR and 7-Zip users should update to the latest versions immediately to minimize the risk of infection.