WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away

News
By published

Older versions of WinRAR were carrying a major vulnerability

  • ESET found a high-severity bug in WinRAR being used by RomCom, a known Russian hacking collective
  • The bug was being used to deploy backdoors allowing full access to compromised computers
  • WinRAR says it has fixed the issue, so users should update now

Iconic archiving platform WinRAR carried a dangerous zero-day vulnerability which could have let hackers plant malware on compromised computers, security researchers are warning.

Recently, researchers from ESET discovered a directory traversal vulnerability in the latest version of WinRAR. The flaw is now tracked as CVE-2025-8088, and was given a severity score of 8.4/10 (high).

To make matters worse, hackers were seen abusing the flaw in the wild to drop RomCom’s malware variants.

Patching the bug

ESET’s researchers said the flaw was being abused in spear phishing attacks (highly targeted phishing attacks) by the Russian-speaking threat actor known as RomCom, a group known for running espionage and financially-motivated attacks.

Its usual targets include government, military, and critical infrastructure organizations, so spear phishing attacks would make perfect sense.

The group was using the bug to deploy backdoors which would give them full access to the compromised computers.

The group’s earliest sightings were in 2022, targeting entities across Europe and North America. It often spoofs legitimate software in its attacks, with the RomCom RAT being its flagship malware.

RomCom is also tracked by other security outfits under monikers Storm-0978, Tropical Scorpius, and UNC2596.

After the discovery, WinRAR released a patch to fix the flaw. The first clean version is 7.13.

"When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path," WinRAR explained in its changelog. "Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected."

WinRAR is a type of program that doesn’t update automatically, so unless users uninstall it and download the latest version manually, they will remain vulnerable.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.