WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Deep Dive into a Dumped Malware without a PE Header

    May 29, 2025

    This analysis is part of an incident investigation led by the FortiGuard Incident Response Team. Fortiguard Incident Response Team discovered malware that had been running on a compromised machine for several weeks. The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process. Although obtaining the original malware ...

  • FBI probes effort to impersonate White House chief of staff Susie Wiles

    May 29, 2025

    One or more unknown people accessed White House chief of staff Susie Wiles’ personal cellphone and used her contacts file to reach out to other top officials and impersonate her, sources told CBS News Thursday. Some of the recipients realized the messages were suspicious because the texts and calls came from an unknown number, sources said, ...

  • A third of UK fintechs put customers data at risk of cyber attack

    May 29, 2025

    UK fintechs are putting thousands of customers in jeopardy by leaving themselves vulnerable to a cyber attack, shocking new research reveals. Nearly 800 firms’ digital presence was analysed by the ethical hacking platform Ethiack as it scrutinised their cybersecurity. Four in ten fintechs were found to be giving hackers a “powerful headstart” by revealing software details ...

  • Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

    May 29, 2025

    Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). GTIG researchers divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and ...

  • UK: NHS patient data at risk in major cyber attack

    May 28, 2025

    A newly uncovered cyber attack has exposed sensitive information at two major NHS trusts, raising fears that patient records could be at risk. University College London hospitals, NHS Foundation Trust, and University Hospital Southampton, NHS Foundation Trust were among the victims identified in a widespread cyber breach.  analysed by cybersecurity firm EclecticIQ. The company have said ...

  • Victoria’s Secret pulls down website amid security incident

    May 28, 2025

    Clothing and lingerie retailer Victoria’s Secret suspended most of the functionality of its website and some in-store services to “address a security incident,” according to a statement posted to the company’s website on Wednesday. “We identified and are taking steps to address a security incident,” a Victoria’s Secret spokesperson told Reuters in an email on Wednesday. ...