WinRAR vulnerability exploited by two different groups


On July 30, 2025, WinRAR released a new version (7.13 Final) to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack various archive formats.

The vulnerability, tracked as CVE-2025-8088, is a path traversal flaw that affects the Windows version of WinRAR and allows the attackers to execute arbitrary code by crafting malicious archive files. A path traversal vulnerability, also known as a directory traversal vulnerability, is a type of security flaw that allows attackers to access files and directories they should not be able to reach.

Read more…
Source: Malwarebytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

    April 18, 2024

    In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK. The popularity of the platform meant that at the time of the ...

  • DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

    April 18, 2024

    In February 2024, Kaspersky researchers discovered a new malware campaign targeting government entities in the Middle East. They dubbed it “DuneQuixote”; and their investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions – regular droppers and tampered installer files for a legitimate tool named “Total Commander”, ...

  • #StopRansomware: Akira Ransomware summary

    April 18, 2024

    Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia. In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of January 1, 2024, the ransomware group has impacted over 250 ...

  • How secret rise of zero-day brokers is causing worldwide security risks

    April 18, 2024

    Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about. Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it ...

  • Police bust global cyber gang accused of industrial-scale fraud

    April 18, 2024

    Police have taken down a gang accused of using a technology service that helped criminals use fraudulent text messages to steal from victims. They have arrested 37 people worldwide and are contacting victims. Officers say younger people who grew up with the internet were the most likely to fall for the “phishing” scam. The technology allowed ...

  • SoumniBot: the new Android banker’s unique techniques

    April 17, 2024

    The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we ...