Particle.news
Download on the App Store
4 ARTICLES
·
2d ago

RomCom Exploits Persist as WinRAR Users Delay 7.13 Zero-Day Patch

Users must manually update to WinRAR 7.13 to guard against directory traversal exploits delivering RomCom backdoors

WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware

Overview

  • CVE-2025-8088 is a directory traversal zero-day in WinRAR that enables malicious archives to place executables in Windows Startup folders for remote code execution on login.
  • ESET researchers Anton Cherepanov, Peter Košinár and Peter Strýček discovered the flaw and reported that Russia-aligned RomCom hackers used spear-phishing emails with crafted RAR attachments to deploy persistent backdoors.
  • WinRAR 7.13, released on August 8, closes this path traversal vulnerability and requires manual installation because the software lacks an auto-update mechanism.
  • Security firms warn that many installations remain exposed as users postpone the update and RomCom continues its phishing campaigns across vulnerable environments.
  • Experts recommend downloading the latest WinRAR version from the official site and verifying installation status to prevent further zero-day exploits.