Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Essential information
- Published
- 29/01/2026 21:08
- Modified
- 29/01/2026 21:18
- Tags
- 2026-01-29 nestpacker phishing russia stockstay unc4895 windows startup winrar
- Related entities
- 3 vulnerabilities (cve), 44 observables, 1 intrusion sets (apt), 2 malware, 3 others
Description
CVE-2025-8088 is a high-severity path traversal vulnerability in WinRAR that attackers exploit by leveraging Alternate Data Streams (ADS). Adversaries can craft malicious RAR archives which, when opened by a vulnerable version of WinRAR, can write files to arbitrary locations on the system. Exploitation of this vulnerability in the wild began as early as July 18, 2025, and the vulnerability was addressed by RARLAB with the release of WinRAR version 7.13 shortly after, on July 30, 2025.