Friday, January 30, 2026

WinRAR security flaw under active attack puts Windows users at risk

A newly identified security weakness in WinRAR is being actively exploited by cyber attackers to take control of Windows systems, raising fresh concerns about the risks of unpatched software. Security researchers have confirmed that the flaw allows malicious files to be secretly placed in sensitive system locations, giving attackers long-term access without the user’s knowledge.

The vulnerability, tracked as CVE-2025-8088, was first seen in real-world attacks in July 2025. A fix was released on July 30, 2025, but many systems remain unprotected. The issue is caused by a path traversal weakness in WinRAR. When a user opens a specially crafted archive, hidden files are silently extracted to locations chosen by the attacker. In many cases, these files are dropped into the Windows Startup folder so they automatically run whenever the system restarts or a user logs in.

Investigators say the flaw is being exploited by a wide range of threat actors. These include state-linked espionage groups as well as financially motivated cybercriminals. Campaigns linked to actors connected with Russia and China have targeted government, military and technology organisations. Criminal groups have focused on sectors such as hospitality, banking and commercial services. The attacks are being used to install malware, steal login details and create backdoors for ongoing access.

Attackers often rely on hidden file techniques such as Alternate Data Streams to conceal their activity. Victims usually see a harmless-looking file like a PDF, while the real payload is written elsewhere on the system. Campaigns have been detected across Eastern Europe, Asia and Latin America, reflecting the global risk posed by unpatched systems. Security experts warn that users running WinRAR versions earlier than 7.13 remain exposed. “Attackers consistently exploit the gap between disclosure and patch adoption,” researchers said. While security features like Safe Browsing can help, experts stress that timely updates remain the most effective defence.
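For defenders, the traits described above (traversal out of the extraction folder, stream names, a Startup folder destination, a pre-7.13 install) can be checked before an archive is opened. The following is an added example, not code from the article or from WinRAR; it assumes entry names have already been listed by an archive tool, and the tag names and sample entries are constructed.

```python
import ntpath
import re

# Tag names and sample entries below are constructed for this example.
STARTUP_MARKER = r"start menu\programs\startup"
FIXED_VERSION = (7, 13)  # the article says versions earlier than 7.13 are exposed


def is_exposed_version(version: str) -> bool:
    """True if a WinRAR version string such as '7.12' predates the fix."""
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    return major_minor < FIXED_VERSION


def triage_entry(name: str) -> list[str]:
    """Return the reasons an archive entry name deserves a closer look."""
    findings = []
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive or rest.startswith("\\"):
        findings.append("absolute-path")
    if ":" in rest:  # a colon after the drive part names an NTFS stream
        findings.append("alternate-data-stream")
    if ".." in re.split(r"[\\:]", rest):
        findings.append("path-traversal")
    if STARTUP_MARKER in norm.lower():
        findings.append("startup-folder")
    return findings


def triage_archive(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious entry name to its findings; clean entries are omitted."""
    return {n: f for n in names if (f := triage_entry(n))}


SAMPLE_ENTRIES = [  # constructed listing, not from any real archive
    "report.pdf",
    "docs/readme.txt",
    "report.pdf:extra",
    r"..\..\Start Menu\Programs\Startup\a.lnk",
    r"C:\Windows\Temp\abs.txt",
]

if __name__ == "__main__":
    for name, findings in triage_archive(SAMPLE_ENTRIES).items():
        print(f"{name!r}: {', '.join(findings)}")
```

Any flagged entry is a reason to quarantine the archive rather than extract it, regardless of the installed version.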
