The WinRAR team has promptly issued an update to rectify a severe zero-day vulnerability that is currently under active exploitation. The flaw, identified as CVE-2025-8088 with a CVSS score of 8.8, poses a significant security risk for users of the popular file archiving tool, particularly affecting the Windows version.
The vulnerability is rooted in path traversal issues that allow malicious actors to execute arbitrary code by creating specially crafted archive files. According to WinRAR, when extracting a file, earlier versions of WinRAR can be deceived into utilizing paths defined in a malicious archive instead of the intended paths, significantly heightening the risk of exploitation.
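The containment check that this class of flaw bypasses can be sketched as follows; this is an added illustration, not WinRAR's code or its fix. The function names, destination folder and archive listing are hypothetical and constructed for the example, which resolves each entry name under Windows path rules and flags any that would land outside the folder the user chose.

```python
import ntpath  # Windows path rules, usable on any OS for offline checks


def is_safe_entry(dest_root: str, entry_name: str) -> bool:
    """True only if entry_name resolves to a location inside dest_root."""
    if not ntpath.isabs(dest_root):
        raise ValueError("dest_root must be an absolute Windows path")
    name = entry_name.replace("/", "\\")
    # Rooted (\x, \\server\share) or drive-qualified (C:\x) names ignore the
    # chosen folder; ':' is not valid in a Windows file name component anyway.
    if not name or name.startswith("\\") or ":" in name:
        return False
    root = ntpath.normcase(ntpath.normpath(dest_root)).rstrip("\\") + "\\"
    # normpath collapses "..", so target is where the file would really land.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
    # The trailing separator on root stops "out-evil" from matching "out".
    return target.startswith(root)


def unsafe_entries(dest_root: str, names: list[str]) -> list[str]:
    """Return the entry names that would be written outside dest_root."""
    return [n for n in names if not is_safe_entry(dest_root, n)]


# Constructed sample data (assumptions, not taken from any real archive).
SAMPLE_ROOT = "C:\\Users\\alice\\Downloads\\out"
SAMPLE_LISTING = [
    "docs/report.pdf",             # ordinary relative entry
    "docs\\..\\notes.txt",         # ".." that still resolves inside the root
    "..\\..\\outside\\file.txt",   # climbs above the destination
    "..\\out-evil\\file.txt",      # sibling folder sharing the root's prefix
    "C:\\Temp\\file.txt",          # drive-qualified absolute path
    "\\\\server\\share\\file.txt", # UNC path
    "/abs/file.txt",               # rooted path written with forward slashes
]

if __name__ == "__main__":
    for entry in unsafe_entries(SAMPLE_ROOT, SAMPLE_LISTING):
        print("would escape destination:", entry)
```

A check like this is useful in a mail gateway or unpacking service that lists archive contents before extraction; it does not replace upgrading the archiver itself.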
Security researchers Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET discovered and reported the flaw, which has since been resolved in WinRAR version 7.13, released on July 31, 2025. How the flaw is being exploited in real-world attacks remains unclear, and users are urged to apply the update immediately.
The cybersecurity threat landscape surrounding WinRAR has become increasingly concerning, especially following incidents in 2023, where another vulnerability came under severe scrutiny. Recent reports indicate that the hacking group known as Paper Werewolf may be exploiting CVE-2025-8088 in tandem with other vulnerabilities, including a directory traversal bug patched in June 2025.
Earlier this year, an instance was noted where a threat actor offered a WinRAR zero-day exploit for sale on the dark web for a staggering $80,000, highlighting the lucrative nature of such vulnerabilities. These insights underscore the significant and evolving threats that users face, necessitating heightened vigilance and prompt patching of affected software.
The vulnerability affects WinRAR versions up to and including 7.12; users are strongly advised to upgrade to version 7.13. Failure to address this flaw could result in unauthorized code execution, particularly in sensitive environments. As the situation develops, cybersecurity experts continue to monitor the landscape for potential new threats.