A serious security vulnerability has been discovered in WinRAR, a file compression tool with over 500 million users worldwide. Identified as CVE-2025-8088, this vulnerability allowed attackers to install malware on victims’ computers using specially crafted RAR files.
WinRAR Critical Vulnerability Patched
The vulnerability was patched in WinRAR version 7.13. However, because the application lacks an automatic update system, users must manually update. According to the technical details of the vulnerability, WinRAR normally extracts compressed files to a user-specified folder. However, the CVE-2025-8088 vulnerability allows files to be extracted to another directory specified by the attacker.
How is WinRAR password cracking done?
This vulnerability paves the way for malicious code to be placed on the system and executed. Security researchers have determined that the vulnerability is actively exploited in RAR files distributed through phishing emails.
According to an investigation by ESET, the attacks aimed to spread the RomCom malware. RomCom is a software previously known for its ability to steal sensitive data, remotely control systems, and install other malware. ESET stated that RomCom has ties to pro-Russian groups. The RAR files used in the attacks were sent to users as email attachments.
This vulnerability was patched with the release of WinRAR’s version 7.13 update. According to the released release notes, the vulnerability affected not only previous versions of WinRAR but also Windows versions of RAR, UnRAR, the UnRAR source code, and the UnRAR.dll file. Therefore, not only the main program but also other system components that use WinRAR technology need to be updated.
Currently, WinRAR does not offer automatic updates, so users must manually download and install version 7.13 from the official website. This update is especially crucial for users who frequently work with RAR files.
