Time Yo Update: WinRAR 7.13 Update Fixes Critical Windows Security Vulnerability

The widely used file compression tool for Windows, WinRAR, has just released version 7.13 to address a severe security vulnerability identified as CVE-2025-8088. This flaw, discovered by ESET security researchers, specifically affects the Windows version of WinRAR, targeting the UNRAR.dll library. The vulnerability allows attackers to craft malicious archive files that, when extracted by a user, trick WinRAR into writing files to a location of the attacker’s choosing instead of the directory selected by the user.

Exploitation of this vulnerability has been observed in the wild, notably through phishing campaigns. Attackers have sent emails containing specially designed RAR archives that, when extracted, deposit executable files into sensitive Windows folders such as the Startup folder (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup). Any malicious program placed here is automatically executed the next time the system starts, resulting in full compromise of the affected machine. This method enables attackers to gain persistent access and potentially execute further malicious actions, including installing remote access trojans (RATs).

The primary malware linked to exploitation of this flaw is called RomCom, a Remote Access Trojan (RAT) associated with cybercriminals known for social engineering attacks. These attackers disguise their malware as legitimate applications, encouraging users to download and install compromised WinRAR versions. RomCom has been observed targeting organizations in various sectors, and there is evidence connecting its exploitation of CVE-2025-8088 to Russian-linked groups. Previous attacks enabled remote code execution, data exfiltration, and deployment of further malware payloads.

It is important to note that Unix versions of RAR and UnRAR, including the versions for Android, are not affected by this vulnerability. The security issue is confined to Windows users, and only those with the affected versions (prior to 7.13) are at risk.

Unlike some modern software, WinRAR does not feature automatic updates. Users must visit the official WinRAR website and manually download and install the latest version to be protected. Failure to upgrade leaves systems exposed to active threats.

Filed in Computers. Read more about Security, Windows 10 and Windows 11.