Why does this matter? If you’re still using WinRAR, it’s crucial to be aware of a high-severity security vulnerability that could expose your system to malware attacks. The flaw, identified as CVE-2025-8088, affects versions 7.12 and older, allowing attackers to execute arbitrary code on compromised devices. This issue has been actively exploited by various hacking groups, including state-sponsored actors.
The vulnerability leverages WinRAR's Alternate Data Streams (ADS) feature, enabling malicious archives to deploy hidden payloads while displaying a seemingly innocuous file—like a PDF—to the user. When the archive is opened, the malware can be extracted without the user's knowledge.
Understanding the Threat
Security experts have reported that multiple hacking collectives are capitalizing on this flaw. For example, groups like RomCom have utilized it in attacks against military targets. Other financially motivated hackers are also taking advantage of this exploit to deploy infostealers such as XWorm and AsyncRAT.
Google’s Threat Intelligence Group noted that the first signs of exploitation were observed in mid-July 2025, indicating that the threat landscape around this vulnerability is serious and evolving.
How to Protect Yourself
To mitigate risks associated with this vulnerability, users are strongly advised to update WinRAR to version 7.13 or newer immediately. Unlike many applications, WinRAR does not support automatic updates; however, you can install the new version over your existing installation without needing to uninstall it first.
In summary, if you continue using an outdated version of WinRAR, you significantly increase your risk of falling victim to malware attacks. Stay vigilant and keep your software up-to-date to protect your data and privacy.