WinRAR

A recently fixed WinRAR vulnerability (CVE-2025-8088) was exploited as a zero-day in phishing attacks to install the RomCom malware. The flaw, a directory traversal vulnerability, allowed a specially crafted archive to extract files into a path chosen by the attacker, leading to remote code execution when users logged in. The RomCom group, linked to ransomware and data-theft extortion, used this vulnerability to deliver backdoors and steal credentials. The attack reached users through phishing emails carrying malicious RAR files, and it took advantage of the fact that WinRAR has no auto-update mechanism. Users were advised to manually update to WinRAR 7.13 to mitigate the risk.

Source: https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/

TPRM report: https://www.rankiteo.com/company/win.rar-gmbh

{
  "id": "win536081025",
  "linkid": "win.rar-gmbh",
  "type": "Vulnerability",
  "date": "8/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'location': 'Global',
                        'name': 'WinRAR users',
                        'type': 'Individuals and organizations'}],
 'attack_vector': 'Phishing emails with malicious RAR attachments',
 'description': 'A recently fixed WinRAR vulnerability tracked as '
                'CVE-2025-8088 was exploited as a zero-day in phishing attacks '
                'to install the RomCom malware. The flaw is a directory '
                'traversal vulnerability that allows specially crafted '
                'archives to extract files into a file path selected by the '
                'attacker.',
 'impact': {'identity_theft_risk': 'High'},
 'initial_access_broker': {'backdoors_established': 'RomCom backdoors',
                           'entry_point': 'Phishing emails with malicious RAR '
                                          'attachments'},
 'investigation_status': 'Ongoing, ESET is working on a report',
 'lessons_learned': 'Importance of manual updates for software without '
                    'auto-update features.',
 'motivation': 'Data theft, credential stealing, ransomware operations',
 'post_incident_analysis': {'corrective_actions': 'Manual update to WinRAR '
                                                  '7.13',
                            'root_causes': 'Exploitation of CVE-2025-8088 in '
                                           'WinRAR'},
 'recommendations': 'Users should manually download and install the latest '
                    'version of WinRAR from win-rar.com.',
 'references': [{'source': 'BleepingComputer'}, {'source': 'WinRAR changelog'}],
 'response': {'containment_measures': 'Manual update to WinRAR 7.13',
              'remediation_measures': 'Manual update to WinRAR 7.13'},
 'threat_actor': 'RomCom (also known as Storm-0978, Tropical Scorpius, '
                 'UNC2596)',
 'title': 'Exploitation of WinRAR CVE-2025-8088 Zero-Day Vulnerability',
 'type': 'Zero-day exploitation, Phishing, Malware installation',
 'vulnerability_exploited': 'CVE-2025-8088'}