WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Gremlin Stealer: New Stealer on Sale in Underground Forum

    April 29, 2025

    Unit 42 researchers have identified new information-stealing malware written in C#, called Gremlin Stealer. This stealer’s authors have actively advertised it on a Telegram group since mid-March 2025. This information-stealing malware exfiltrates data from its victims and uploads this information to its web server for publication. It can capture data from browsers, the clipboard and the ...

  • Outlaw cybergang attacking targets worldwide

    April 29, 2025

    In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its operations. Previous research described Outlaw samples obtained from honeypots. In this ...

  • Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

    April 28, 2025

    On Thursday, April 24, enterprise resource planning company SAP published a CVE (and a day later, an advisory behind login) for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in Visual Composer’s Metadata Uploader component that, when successfully exploited, allows unauthenticated ...

  • M&S: WFH staff locked out of systems amid cyber attack fallout

    April 28, 2025

    M&S has shut remote-working employees out of some of its IT systems as it struggles to recover from the fallout of a cyberattack last week. The high street giant closed some of the programmes that staff use to log into the internal IT systems when working outside of the office, The Times reported. Cybersecurity experts said ...

  • Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors

    April 25, 2025

    Trend Research uncovered a sophisticated APT campaign targeting government and telecommunications sectors in Southeast Asia. Named Earth Kurma, the attackers use advanced custom malware, rootkits, and cloud storage services for data exfiltration. Earth Kurma demonstrates adaptive malware toolsets, strategic infrastructure abuse, and complex evasion techniques. This campaign poses a high business risk due to targeted espionage, ...

  • Triada strikes back

    April 25, 2025

    Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the vulnerabilities were patched, and restrictions were added to the firmware. Specifically, system partitions in recent ...