{
  "name": "Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088",
  "slug": "diverse-threat-actors-exploiting-critical-winrar-vulnerability-cve-2025-8088",
  "description": "CVE-2025-8088 is a high-severity path traversal vulnerability in WinRAR that attackers exploit by leveraging Alternate Data Streams (ADS). Adversaries can craft malicious RAR archives which, when opened by a vulnerable version of WinRAR, can write files to arbitrary locations on the system. Exploitation of this vulnerability in the wild began as early as July 18, 2025, and the vulnerability was addressed by RARLAB with the release of WinRAR version 7.13 shortly after, on July 30, 2025.",
  "published": "2026-01-29T20:08:34+00:00",
  "created_at": "2026-01-29T20:08:34+00:00",
  "modified_at": "2026-01-29T20:18:54+00:00",
  "created_at_opencti": "2026-01-29T20:08:34+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-01-29",
    "nestpacker",
    "phishing",
    "russia",
    "stockstay",
    "unc4895",
    "windows startup",
    "winrar"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "bb4856a66bf7e0de18522e35798c0a8734179c1aab21ed2ad6821aaa99e1cb4c"
      },
      {
        "id": "",
        "name": "edc1f7528ca93ec432daca820f47e08d218b79cceca1ee764966f8f90d6a58bd"
      },
      {
        "id": "",
        "name": "4f4567abe9ff520797b04b04255bbbe07ecdddb594559d436ac53314ec62c1b3"
      },
      {
        "id": "",
        "name": "29f89486bb820d40c9bee8bf70ee8664ea270b16e486af4a53ab703996943256"
      },
      {
        "id": "",
        "name": "fc2a6138786fae4e33dc343aea2b1a7cd6411187307ea2c82cd96b45f6d1f2a0"
      },
      {
        "id": "",
        "name": "c7726c166e1947fdbf808a50b75ca7400d56fa6fef2a76cefe314848db22c76c"
      },
      {
        "id": "",
        "name": "ba86b6e0199b8907427364246f049efd67dc4eda0b5078f4bc7607253634cf24"
      },
      {
        "id": "",
        "name": "d981a16b9da1615514a02f5ebb38416a009f5621c0b718214d5b105c9f552389"
      },
      {
        "id": "",
        "name": "54305c7b95d8105601461bb18de87f1f679d833f15e38a9ee7895a0c8605c0d0"
      },
      {
        "id": "",
        "name": "ae93d9327a91e90bf7744c6ce0eb4affb3acb62a5d1b2dafd645cba9af28d795"
      },
      {
        "id": "",
        "name": "a97f460bfa612f1d406823620d0d25e381f9b980a0497e2775269917a7150f04"
      },
      {
        "id": "",
        "name": "53f1b841d323c211c715b8f80d0efb9529440caae921a60340de027052946dd9"
      },
      {
        "id": "",
        "name": "958921ea0995482fb04ea4a50bbdb654f272ab991046a43c1fdbd22da302d544"
      },
      {
        "id": "",
        "name": "ed5b920dad5dcd3f9e55828f82a27211a212839c8942531c288535b92df7f453"
      },
      {
        "id": "",
        "name": "b53069a380a9dd3dc1c758888d0e50dd43935f16df0f7124c77569375a9f44f5"
      },
      {
        "id": "",
        "name": "55b3dc57929d8eacfdadc71d92483eabe4874bf3d0189f861b145705a0f0a8fe"
      },
      {
        "id": "",
        "name": "cf8ebfd98da3025dc09d0b3bbeef874d8f9c4d4ba4937719f0a9a3aa04c81beb"
      },
      {
        "id": "",
        "name": "6d3586aa6603f1c1c79d7bd7e0b5c5f0cc8e8a84577c35d21b0f462656c2e1f9"
      },
      {
        "id": "",
        "name": "272c86c6db95f1ef8b83f672b65e64df16494cae261e1aba1aeb1e59dcb68524"
      },
      {
        "id": "",
        "name": "91e61fd77460393a89a8af657d09df6a815465f6ce22f1db8277d58342b32249"
      },
      {
        "id": "",
        "name": "f6761b5341a33188a7a1ca7a904d5866e07b8ddbde9adebdbce4306923cfc60a"
      },
      {
        "id": "",
        "name": "ddd67dda5d58c7480152c9f6e8043c3ea7de2e593beedf86b867b83f005bf0cc"
      },
      {
        "id": "",
        "name": "cf35ce47b35f1405969f40633fcf35132ca3ccb3fdfded8cc270fc2223049b80"
      },
      {
        "id": "",
        "name": "5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b"
      },
      {
        "id": "",
        "name": "b90ef1d21523eeffbca17181ccccf269bca3840786fcbf5c73218c6e1d6a51a9"
      },
      {
        "id": "",
        "name": "a54bcafd9d4ece87fa314d508a68f47b0ec3351c0a270aa2ed3a0e275b9db03c"
      },
      {
        "id": "",
        "name": "867a05d67dd184d544d5513f4f07959a7c2b558197c99cb8139ea797ad9fbece"
      },
      {
        "id": "",
        "name": "2c40e7cf613bf2806ff6e9bc396058fe4f85926493979189dbdbc7d615b7cb14"
      },
      {
        "id": "",
        "name": "f3e5667d02f95c001c717dfc5a0e100d2b701be4ec35a3e6875dc276431a7497"
      },
      {
        "id": "",
        "name": "498961237cf1c48f1e7764829818c5ba0af24a234c2f29c4420fb80276aec676"
      },
      {
        "id": "",
        "name": "ef0e1bb2d389ab8b5f15d2f83cf978662e18e31dbe875f39db563e8a019af577"
      },
      {
        "id": "",
        "name": "b2b62703a1ef7d9d3376c6b3609cd901cbccdcca80fba940ce8ed3f4e54cdbe6"
      },
      {
        "id": "",
        "name": "5dee69127d501142413fb93fd2af8c8a378682c140c52b48990a5c41f2ce3616"
      },
      {
        "id": "",
        "name": "d418f878fa02729b38b5384bcb3216872a968f5d0c9c77609d8c5aacedb07546"
      },
      {
        "id": "",
        "name": "3b47df790abb4eb3ac570b50bf96bb1943d4b46851430ebf3fc36f645061491b"
      },
      {
        "id": "",
        "name": "3b85d0261ab2531aba9e2992eb85273be0e26fe61e4592862d8f45d6807ceee4"
      },
      {
        "id": "",
        "name": "ffc6c3805bbaef2c4003763fd5fac0ebcccf99a1656f10cf7677f6c2a5d16dbd"
      },
      {
        "id": "",
        "name": "defe25e400d4925d8a2bb4b1181044d06a8bf61688fd9c9ea59f1e0bb7bc21d8"
      },
      {
        "id": "",
        "name": "aea13e5871b683a19a05015ff0369b412b985d47eb67a3af93f44400a026b4b0"
      },
      {
        "id": "",
        "name": "33580073680016f23bf474e6e62c61bf6a776e561385bfb06788a4713114ba9d"
      },
      {
        "id": "",
        "name": "e836873479ff558cfb885097e8783356aad1f2d30b69d825b3a71cb7a57cf930"
      },
      {
        "id": "",
        "name": "68d9020aa9b509a6d018d6d9f4c77e7604a588b2848e05da6a4d9f82d725f91b"
      },
      {
        "id": "",
        "name": "8a7ee2a8e6b3476319a3a0d5846805fd25fa388c7f2215668bc134202ea093fa"
      },
      {
        "id": "",
        "name": "ea0869fa9d5e23bdd16cddfefbbf9c67744598f379be306ff652f910db1ba162"
      }
    ],
    "malware": [
      {
        "id": "4d86f834-caba-4287-a4f9-aa693000aca7",
        "name": "STOCKSTAY",
        "slug": "stockstay"
      },
      {
        "id": "1416351e-d68e-4e89-ac06-858b3748859d",
        "name": "NESTPACKER",
        "slug": "nestpacker"
      }
    ],
    "intrusion_sets": [
      {
        "id": "6d64f984-144e-47dc-b96e-4eda8b18c74c",
        "name": "UNC4895",
        "slug": "unc4895"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2023-38831"
      },
      {
        "id": "",
        "name": "CVE-2025-55182"
      },
      {
        "id": "",
        "name": "CVE-2025-8088"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Defense ministries (including the military)"
      },
      {
        "id": "",
        "name": "Government and administrations"
      },
      {
        "id": "",
        "name": "Technologies"
      }
    ]
  },
  "external_refs": [
    "https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability",
    "https://otx.alienvault.com/pulse/697bcc53ac906b4ef070c633"
  ]
}