Update WinRAR Now: Zero-Day Exploitation Exposed

If you’re using WinRAR v7.12 or older, update immediately. Once that’s done, come back to this post to learn why – it’s that serious.

All set? Great.

ESET Research discovered a zero-day vulnerability in WinRAR that was already being exploited in the wild before a fix existed. Here’s how it works:

The Hack

A Russia-aligned threat group known as RomCom has been caught exploiting this vulnerability, tracked as CVE-2025-8088, while it was still a zero-day. So far they have mainly targeted companies in Europe and Canada, but now that the bug is public, nothing stops other groups from using it too.

What Is CVE-2025-8088?

In simple terms, CVE-2025-8088 is a path traversal flaw: a specially crafted archive can make WinRAR write a file somewhere other than the folder you chose to extract into. Attackers use this to drop malicious files in sensitive locations, such as your Windows Startup folder, so the payload runs automatically the next time you log in, without your knowledge. In the attacks ESET observed, the malicious entries were carried in alternate data streams, a Windows file-system feature, so the archive appeared to contain only a harmless document.
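To make the "path traversal" part concrete, here is an added PowerShell example, written for this post and not taken from WinRAR's code, showing the one check a safe extractor must make: after joining an archive entry name to the destination folder and normalizing the result, the target must still sit under that folder. The destination path and the entry names are constructed for illustration; the Startup folder locations are the real ones Windows uses. The in-the-wild exploit hid its traversal paths in alternate data streams rather than in plain entry names, but the defensive principle is the same.

```powershell
# Added example (not WinRAR code): the check a safe extractor must make.
# Assumes a hypothetical destination folder C:\Users\Alice\Downloads\resume.

function Test-EntryStaysInside {
    param(
        [Parameter(Mandatory)] [string] $Destination,
        [Parameter(Mandatory)] [string] $EntryName
    )
    # Absolute, normalized destination root with a trailing separator,
    # so "C:\Users\Alice\Downloads\resume-old" cannot pass as "inside" the root.
    $root = [System.IO.Path]::GetFullPath($Destination).TrimEnd('\') + '\'

    # Join the entry name to the root and normalize it; '..' segments collapse here.
    # Note: Combine() returns $EntryName unchanged when it is already absolute,
    # which is one way a hostile entry escapes the destination.
    $target = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($root, $EntryName))

    # Safe only if the normalized target is still under the destination root.
    return $target.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)
}

# Constructed entry names: one benign, one climbing with '..' into the per-user
# Startup folder, one absolute path into the all-users Startup folder.
$dest = 'C:\Users\Alice\Downloads\resume'
$entries = @(
    'resume.pdf',
    '..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe',
    'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\updater.exe'
)

foreach ($e in $entries) {
    $label = if (Test-EntryStaysInside -Destination $dest -EntryName $e) { 'OK    ' } else { 'ESCAPE' }
    "$label  $e"
}
```

Only the first entry is reported as OK; the other two resolve outside the chosen folder and must be rejected (or stripped to their file name) before anything is written. An extractor that skips this check, or that can be tricked into seeing a different name than it writes, is what turns "open an attachment" into "file in the Startup folder".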

How RomCom Exploits This

RomCom has been running spearphishing campaigns (targeted phishing attacks), sending emails that are often disguised as job applications. These emails carry RAR attachments that exploit this vulnerability when the recipient extracts them, dropping malware onto the machine. So far, they have targeted industries like manufacturing, defense, and logistics.

What Should You Do?

Hopefully, you’ve already updated WinRAR to version 7.13 or later. This release fixes CVE-2025-8088. Only the Windows builds are affected (WinRAR itself, the command-line RAR and UnRAR tools, and UnRAR.dll), so any other application that bundles an old UnRAR.dll needs its own vendor update as well.

The longer you wait, the greater risk that more hacking groups will exploit this vulnerability and that RomCom will expand its attack to other industries.

Keep in mind that WinRAR does not update itself the way many other programs do. You must download the latest version from the official website, rarlab.com, and install it manually on every machine that has it.
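If you manage more than one machine, here is an added PowerShell example (written for this post, not a RARLAB tool) that reads the installed WinRAR version from the standard Uninstall registry keys, falls back to the file version of WinRAR.exe, flags anything older than 7.13, and lists what currently sits in the Startup folders this exploit is known to write into. The registry and Startup paths are the standard Windows locations; the WinRAR.exe install paths assume a default installation.

```powershell
# Added example, not from the post or from RARLAB. Run in an elevated PowerShell
# so every user profile's Startup folder is readable.

$fixed = [version]'7.13'

function Get-WinRarVersion {
    # WinRAR registers under the standard Uninstall keys; a 32-bit build on a
    # 64-bit OS lands under WOW6432Node. Fall back to the version stamped on WinRAR.exe.
    $uninstall = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        Select-Object -First 1
    if ($entry -and $entry.DisplayVersion) { return [version]$entry.DisplayVersion }

    # Assumed default install locations for the 64-bit and 32-bit builds.
    foreach ($exe in "$env:ProgramFiles\WinRAR\WinRAR.exe", "${env:ProgramFiles(x86)}\WinRAR\WinRAR.exe") {
        if (Test-Path $exe) { return [version](Get-Item $exe).VersionInfo.FileVersion }
    }
    return $null
}

$installed = Get-WinRarVersion
if ($null -eq $installed) {
    'WinRAR not found on this machine.'
} elseif ($installed -lt $fixed) {
    "WinRAR $installed is affected by CVE-2025-8088; install 7.13 or later from rarlab.com."
} else {
    "WinRAR $installed already includes the fix."
}

# Startup folders: the all-users one, plus the per-user one for every profile on disk.
$startupPaths = @("$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp")
$startupPaths += Get-ChildItem "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { "$($_.FullName)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" }

foreach ($p in $startupPaths) {
    if (-not (Test-Path $p)) { continue }
    # Anything here that is not a shortcut you recognize deserves a closer look;
    # the write time tells you when it appeared. Hidden files are included (-Force).
    Get-ChildItem -Path $p -File -Force -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Folder'; e = { $p } }, Name, Length, LastWriteTime
}
```

A version below 7.13 means the machine still needs the manual update. The Startup listing is a quick triage aid, not a full forensic check: it will not find a payload that has already been moved elsewhere, and it does not detect copies of UnRAR.dll bundled inside other applications.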

Also, practice safe email habits: be suspicious of unsolicited attachments, especially archives attached to unexpected job applications or invoices, and verify the sender before extracting anything.

What Is a Zero-Day Vulnerability?

No software is perfect. A zero-day vulnerability is a security hole that attackers discover and start using before the developer has a fix available, so there is no patch to install on the day the attacks begin. That is what makes them so dangerous. Fortunately, WinRAR’s CVE-2025-8088 has since been patched in version 7.13, but the episode shows why installing updates promptly matters so much.

The Moral of the Story

WinRAR’s zero-day vulnerability isn’t the first, and it won’t be the last. In fact, this is the third time RomCom has exploited zero-day vulnerabilities.

Stay vigilant with your internet safety, update your software ASAP, and rely on trusted sources for cybersecurity information.

That’s why we’re here – to help you stay ahead of threats like these. If you have any questions or want help securing your systems, reach out.

Want more tips like this?

Subscribe using the form on the right and get our latest cybersecurity insights delivered straight to your inbox.

About The 20 MSP

As a leading provider of managed IT services, The 20 MSP serves thousands of businesses nationwide, including single and multi-location organizations, delivering white-glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our client’s success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth.