Friday, August 29, 2025

WinRAR Fixed A Zero-Day Flaw Exploited By RomCom


The popular file archiving tool WinRAR had a severe zero-day vulnerability threatening systems with code execution attacks. While WinRAR has now addressed the flaw, it appears that the zero-day still came under attack to deliver RomCom malware via maliciously crafted archive files.

RomCom Exploited WinRAR Zero-Day Flaw

ESET security researchers discovered a zero-day flaw in the WinRAR file archiving tool that could allow code execution. More specifically, it was a path traversal vulnerability that affected WinRAR for Windows.

Identified as CVE-2025-8088, the vulnerability received a high severity rating and a CVSS score of 8.4. Describing it in detail, WinRAR stated,

When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path.

WinRAR also confirmed that this specific vulnerability doesn’t affect Unix and Android RAR versions.

Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected.
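A defensive check for the class of flaw described above, added here as an example (it is not WinRAR's code or its fix): resolve each archive entry name against the user-chosen destination using Windows path rules and reject any name that lands outside it. The function names, destination folder and entry names are constructed for illustration.

```python
import ntpath  # Windows path semantics; importable on any OS


def is_safe_entry(dest_dir: str, entry_name: str) -> bool:
    """True if entry_name, joined to dest_dir, stays strictly inside dest_dir."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Absolute, drive-qualified and UNC names ignore the chosen destination;
    # a colon is reserved on Windows and never valid in a relative entry name.
    if drive or rest.startswith("\\") or ":" in name:
        return False
    dest = ntpath.normpath(dest_dir)
    # normpath collapses "." and ".." so the final location is what gets compared
    target = ntpath.normpath(ntpath.join(dest, name))
    if target.lower() == dest.lower():
        return False  # empty name, or one that collapses to the folder itself
    try:
        # Compare whole path components, not string prefixes, so a sibling
        # folder such as "out2" is not mistaken for a child of "out".
        return ntpath.commonpath([dest, target]).lower() == dest.lower()
    except ValueError:
        return False  # paths on different drives


def audit(dest_dir, entry_names):
    """Return the entry names that must not be extracted under dest_dir."""
    return [n for n in entry_names if not is_safe_entry(dest_dir, n)]


# Constructed sample data: a destination folder and archive entry names.
DEST = r"C:\Users\alice\Downloads\out"
ENTRIES = [
    "docs/readme.txt",              # ordinary entry
    "docs/..\\notes.txt",           # contains ".." but stays inside DEST
    "..\\..\\dropped.txt",          # climbs out of DEST
    "..\\out2\\x.txt",              # sibling folder sharing DEST's name prefix
    "C:\\Temp\\x.txt",              # drive-qualified absolute path
    "\\\\server\\share\\x.txt",     # UNC path
]

if __name__ == "__main__":
    for rejected in audit(DEST, ENTRIES):
        print("REJECT", rejected)
```
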

According to BleepingComputer, ESET researchers found this vulnerability under active attack to deliver the RomCom backdoor. They noticed that the threat actors perform spearphishing attacks by delivering maliciously crafted RAR files via email.

RomCom is a Russian threat actor group known for performing espionage and targeted attacks against organizations. This threat actor group recently made it to the news when ESET researchers observed them exploiting two zero-day vulnerabilities to deliver backdoors. The same group also exploited another Microsoft zero-day in 2023 to target the NATO Summit. And now, the recent WinRAR zero-day exploitation for their malware campaign just adds to the hackers’ growing list of exploits.

WinRAR Patched The Vulnerability – Update Your Systems Now!

Following the researchers’ report, WinRAR addressed the flaw, releasing the fix with WinRAR version 7.13. Alongside these security fixes, the service also addressed other feature bugs with this release.

Given the threat severity associated with the zero-day, and the other bug fixes for a smooth user experience, WinRAR users must update their systems with the latest release to avoid the risk.

In addition, it’s also important to stay wary of phishing and spearphishing attacks. Organizations should conduct regular awareness sessions for their employees to avoid threats caused by interactions with malicious files.

Let us know your thoughts in the comments.
