CISA Warns of Actively Exploited WinRAR Zero-Day Vulnerability (CVE-2025-8088)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability, designated CVE-2025-8088, to its Known Exploited Vulnerabilities catalog. Federal agencies are required to implement mitigations by September 2, 2025. WinRAR has released version 7.13 to address this vulnerability, which has been actively exploited by cybercriminals. The flaw allows attackers to execute arbitrary code through maliciously crafted archive files, posing a significant threat to Windows users. Security researchers have confirmed that the vulnerability has been exploited in active campaigns, particularly by the Russian RomCom group targeting companies across Europe and Canada. The vulnerability has been assigned a CVSS score of 8.4, indicating its high severity and the urgent need for users to take action.

The path traversal vulnerability affects all Windows versions of WinRAR, UnRAR, and associated components, allowing specially crafted archives to bypass the extraction path specified by the user. This enables attackers to write files to unintended locations on the file system, potentially leading to complete system compromise, data theft, or the deployment of additional malware payloads. All WinRAR versions from 0 through 7.12 are affected, so virtually all existing installations need to be updated immediately. Linux/Unix builds and RAR for Android are not affected. Users are strongly advised to update their software to mitigate the risks associated with this critical security flaw.
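The containment rule that this class of path traversal violates, shown as an added Python example (not WinRAR's code or its fix, and not a detector for CVE-2025-8088 specifically): each entry name is resolved against the chosen extraction folder using Windows path rules and flagged if the result lands outside it. The folder, entry names and function names are constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any OS

# Constructed sample data: an extraction folder and archive entry names.
SAMPLE_DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_ENTRIES = [
    "invoice.pdf",                    # plain file
    "docs/readme.txt",                # forward slashes, still inside
    "a\\..\\b.txt",                   # dot-dot that stays inside
    "..\\..\\elsewhere\\note.txt",    # climbs out of the folder
    "C:\\Temp\\note.txt",             # absolute path with drive
    "\\Temp\\note.txt",               # rooted path on the current drive
    "docs\\..\\..\\invoice2\\a.txt",  # sibling folder sharing a name prefix
]


def resolve_entry(dest: str, entry_name: str) -> str:
    """Return the normalized, lower-cased Windows path an entry would land on."""
    # ntpath.join drops `dest` when the entry is rooted or drive-qualified,
    # which is how a naive "dest + name" extractor leaves the chosen folder.
    joined = ntpath.join(dest, entry_name.replace("/", "\\"))
    return ntpath.normcase(ntpath.normpath(joined))


def is_contained(dest: str, entry_name: str) -> bool:
    """True if the resolved entry path is the folder itself or lies below it."""
    root = ntpath.normcase(ntpath.normpath(dest)).rstrip("\\") + "\\"
    target = resolve_entry(dest, entry_name)
    # Compare with a trailing separator so "invoice2" is not read as "invoice".
    return (target + "\\").startswith(root)


def audit_entries(dest: str, names: list[str]) -> list[tuple[str, str]]:
    """Return (entry name, resolved path) for every entry that escapes dest."""
    return [(n, resolve_entry(dest, n)) for n in names if not is_contained(dest, n)]


if __name__ == "__main__":
    for name, resolved in audit_entries(SAMPLE_DEST, SAMPLE_ENTRIES):
        print(f"REJECT {name!r} -> {resolved}")
```

The check is lexical only: it does not follow symlinks or junctions that already exist on disk, so an extractor applying it should also resolve the real path of each parent directory before writing.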

Categories: Cybersecurity Vulnerabilities, Software Updates, Exploitation Threats 

Tags: Vulnerability, WinRAR, CVE-2025-8088, Cybersecurity, Exploitation, Path Traversal, Security Flaw, Critical Severity, Mitigations, Users 
