Particle.news


WinRAR Issues Patch for Zero-Day Exploited by Two Russia-Aligned Groups

Because WinRAR has no automatic update mechanism, version 7.13 must be installed manually to protect its large user base from further abuse of the alternate data stream path traversal.

[Image: WinRAR zero-day CVE-2025-8088 exploited by RomCom]

Overview

  • CVE-2025-8088 is a high-severity path traversal flaw in WinRAR: a crafted archive stores its payload in an NTFS alternate data stream whose name carries traversal sequences, so extraction writes the hidden file to an attacker-chosen location instead of the directory the user selected.
  • ESET first identified malicious RAR archives on July 18 and notified WinRAR's developers on July 24; a beta fix followed within days and the full 7.13 release on July 30.
  • Security firms have published detailed analyses and indicators of compromise showing that Russia-aligned RomCom and Paper Werewolf used the zero-day in targeted spearphishing campaigns.
  • Although none of the July targets were successfully breached, exploit code is circulating in underground markets and poses a risk of broader reuse by other actors.
  • WinRAR lacks an automatic updater, so users and organizations must manually install version 7.13 and scan for malicious DLLs and LNK files in %TEMP%, %LOCALAPPDATA% and Startup directories.
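The following added example (written for this page; it is not code from WinRAR, RARLAB, ESET or either of the security firms cited) models the mechanism in the first bullet and the containment check an extractor needs to defeat it: each archive entry, including any NTFS alternate data stream written as file:stream, is resolved to the path it would be written to, and anything that resolves outside the user-chosen extraction directory is refused. It also labels targets that land in the Startup, %TEMP% and %LOCALAPPDATA% locations named in the last bullet. The extraction root, the user name and all entry names are constructed for illustration, not taken from any real sample; the check generalizes to ordinary `..\` traversal in the base file name as well.

```python
"""Extraction-target containment check for archive entries, including NTFS
alternate data streams (ADS).

Added example for this article; not code from WinRAR, RARLAB or ESET. It
models the behaviour the article describes (an ADS name with traversal
sequences being consumed as a write path) and the check an extractor needs:
resolve where each entry would land and refuse anything outside the directory
the user chose. Entry names, the extraction root and the user name are
constructed for illustration, not indicators from a real sample.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath

# Hypothetical extraction directory chosen by the user.
EXTRACT_ROOT = r"C:\Users\alice\Downloads\cv"

# Constructed entry names in the form a RAR lister would show them
# ("<file>:<stream>" for an ADS). None of these come from a real archive.
SAMPLE_ENTRIES = [
    r"candidate_cv.pdf",
    r"candidate_cv.pdf:Zone.Identifier",                      # harmless ADS
    r"candidate_cv.pdf:..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk",
    r"candidate_cv.pdf:..\..\..\AppData\Local\Temp\helper.dll",
    r"..\..\evil.exe",                                        # plain traversal
    r"docs\notes.txt",
]

# Folders the article names as landing spots for dropped LNK/DLL files.
# Order matters: %TEMP% sits under %LOCALAPPDATA%, so it is tested first.
HOTSPOTS = (
    ("\\start menu\\programs\\startup\\", "Startup folder"),
    ("\\appdata\\local\\temp\\", "%TEMP%"),
    ("\\appdata\\local\\", "%LOCALAPPDATA%"),
)


@dataclass(frozen=True)
class Finding:
    entry: str                  # name as stored in the archive
    base: str                   # primary file name
    stream: str | None          # ADS name, None for a plain file
    target: str                 # normalised path the bytes would be written to
    hotspot: str | None         # persistence/staging folder hit, if any
    reasons: tuple[str, ...]    # empty when the entry is safe to extract

    @property
    def safe(self) -> bool:
        return not self.reasons


def split_ads(name: str) -> tuple[str, str | None]:
    """Split 'file:stream' into (file, stream); a drive letter is not an ADS."""
    drive = (len(name) >= 2 and name[0].isalpha() and name[1] == ":"
             and name[2:3] in ("", "\\", "/"))
    idx = name.find(":", 2 if drive else 0)
    return (name, None) if idx == -1 else (name[:idx], name[idx + 1:])


def stream_is_plain(stream: str) -> bool:
    """A legitimate NTFS stream name has no separators and is not a dot entry."""
    return bool(stream) and stream not in (".", "..") and not any(c in stream for c in "\\/:")


def normalize(path: PureWindowsPath) -> PureWindowsPath:
    """Collapse '.' and '..' the way Windows does ('..' at the root is a no-op)."""
    anchor = path.anchor
    stack: list[str] = []
    for part in (path.parts[1:] if anchor else path.parts):
        if part == "..":
            if stack:
                stack.pop()
        elif part != ".":
            stack.append(part)
    return PureWindowsPath(anchor, *stack)


def check_entry(root: str, entry: str) -> Finding:
    root_p = normalize(PureWindowsPath(root))
    if not root_p.is_absolute():
        raise ValueError("extraction root must be an absolute path")
    base, stream = split_ads(entry)
    reasons: list[str] = []
    if stream is not None and not stream_is_plain(stream):
        # Vulnerable behaviour from the article: the stream name is consumed
        # as a path, so '..' inside it walks out of the extraction directory.
        reasons.append("stream name is empty or contains path characters")
        final = normalize(root_p / base / stream)
        target = str(final)
    else:
        final = normalize(root_p / base)
        target = str(final) + (f":{stream}" if stream else "")
    if final != root_p and root_p not in final.parents:
        reasons.append("target lies outside the extraction root")
    hotspot = next((label for needle, label in HOTSPOTS if needle in target.lower()), None)
    return Finding(entry, base, stream, target, hotspot, tuple(reasons))


def scan(root: str, entries: list[str]) -> list[Finding]:
    """Run the containment check over every entry of a listing."""
    return [check_entry(root, e) for e in entries]


if __name__ == "__main__":
    for f in scan(EXTRACT_ROOT, SAMPLE_ENTRIES):
        verdict = "OK   " if f.safe else "BLOCK"
        extra = f" [{f.hotspot}]" if f.hotspot else ""
        print(f"{verdict} {f.entry!r} -> {f.target}{extra}")
        for r in f.reasons:
            print(f"       - {r}")
```

The two tests are deliberately independent: a stream name is rejected as soon as it contains a separator or a dot entry, whatever it would resolve to, and the resolved path is rejected whenever it leaves the extraction root, whatever the entry looked like. An entry that walks out of the root and back in again would pass the second test alone, which is why the first one is kept; the hotspot label is triage information, not part of the allow/deny decision.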