216.73.216.86

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

· Published 29/01/2026 21:08 · Modified 29/01/2026 21:18

Export JSON

Essential information

Published
29/01/2026 21:08
Modified
29/01/2026 21:18
Tags
2026-01-29 nestpacker phishing russia stockstay unc4895 windows startup winrar
Related entities
3 vulnerabilities (cve), 44 observables, 1 intrusion sets (apt), 2 malware, 3 others

Description

CVE-2025-8088 is a high-severity path traversal vulnerability in that attackers exploit by leveraging Alternate Data Streams (ADS). Adversaries can craft malicious RAR archives which, when opened by a vulnerable version of , can write files to arbitrary locations on the system. Exploitation of this vulnerability in the wild began as early as July 18, 2025, and the vulnerability was addressed by RARLAB with the release of version 7.13 shortly after, on July 30, 2025.

External references