What’s new: ESET has reported in-the-wild exploitation of a WinRAR path traversal vulnerability (CVE-2025-8088) by the Russia-aligned group RomCom. ESET discovered the exploitation on July 18, 2025, and WinRAR 7.13, which fixes the flaw, was released on July 30, 2025. The attacks used crafted RAR archives in which the malicious entries are stored as alternate data streams (ADS) with traversal paths: the victim sees only an innocuous-looking file, while extraction with a vulnerable version silently writes the hidden payloads to locations outside the chosen extraction directory. The dropped malware included a Mythic agent, SnipBot, and MeltingClaw.
Who’s affected
Users of WinRAR on Windows who have not updated to version 7.13 or later are exposed. The Windows command-line RAR and UnRAR tools and UnRAR.dll from the same versions are also affected, so other products that embed UnRAR.dll may be too; the Unix and Android builds are not. Because WinRAR has no auto-update mechanism, the fix is only applied when someone installs the new version, which leaves many organizational installs on vulnerable releases indefinitely.
What to do
- Update WinRAR (and any standalone RAR/UnRAR components) to version 7.13 or later, downloaded from rarlab.com; there is no in-app update, so inventory installs rather than assuming users have done it.
- Hunt for the RomCom indicators of compromise published in ESET’s malware-ioc GitHub repository. Keep in mind that on a vulnerable version the dropped files land outside the folder the user extracted to, so an investigation that only inspects the extraction directory will miss them.
- Warn users that a RAR archive appearing to contain a single harmless document can still drop malicious files when extracted with an unpatched version, and that archives from untrusted senders should not be opened.
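Because WinRAR does not update itself, the first practical step is to find every copy on a host and compare it with the fixed release. The script below is an added example written for this brief; it is not code from ESET, RARLAB, or the original report. It assumes the default install root under Program Files, that WinRAR’s uninstall entry has a DisplayName beginning with "WinRAR", and that version strings look like "7.12.0" or "7.13"; widen `$Roots` if you want to catch UnRAR.dll copies bundled by other software.

```powershell
# Added example (not from the original brief or from ESET/RARLAB): audit a Windows host
# for WinRAR/RAR components older than 7.13, the first release that fixes CVE-2025-8088.
# Assumptions: default install root under Program Files; uninstall DisplayName starts
# with "WinRAR"; version strings of the form "7.12.0" or "7.13".

$FixedVersion = [version]'7.13'

function Get-WinRarInstalls {
    # Uninstall entries for 64-bit, 32-bit (WOW6432Node) and per-user installers.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Registry'
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Path    = $_.InstallLocation
            }
        }
}

function Get-RarBinaries {
    # File-version check on the binaries themselves. This also catches portable copies
    # that never registered an uninstall entry; add more roots to find embedded UnRAR.dll.
    param([string[]]$Roots = @("$env:ProgramFiles\WinRAR", "${env:ProgramFiles(x86)}\WinRAR"))
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -Include 'WinRAR.exe', 'Rar.exe', 'UnRAR.exe', 'UnRAR.dll' -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Source  = 'File'
                    Name    = $_.Name
                    Version = $_.VersionInfo.FileVersion
                    Path    = $_.FullName
                }
            }
    }
}

function Test-RarVulnerable {
    param([string]$VersionString)
    # Pull the leading dotted number out of strings such as "7.12.0" or "7.13 (64-bit)".
    # Anything that cannot be parsed is reported as vulnerable so it gets looked at.
    if ($VersionString -match '(\d+(?:\.\d+){1,3})') {
        return ([version]$Matches[1]) -lt $FixedVersion
    }
    return $true
}

$findings = @(Get-WinRarInstalls) + @(Get-RarBinaries)
if (-not $findings) {
    Write-Output 'No WinRAR/RAR components found on this host.'
    return
}

$findings |
    ForEach-Object {
        $_ | Add-Member -NotePropertyName Vulnerable -NotePropertyValue (Test-RarVulnerable $_.Version) -PassThru
    } |
    Format-Table -AutoSize
```

Run it as an ordinary user; reading the uninstall keys and file version resources needs no elevation. Any row marked `Vulnerable = True` needs a manual install of 7.13 or later, and any binary found outside the WinRAR directory (for example an UnRAR.dll shipped with another product) needs the vendor of that product to ship an updated component.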