WinRAR Patches Critical Vulnerability (CVE-2025-8088) Used by RomCom Malware, Users Encouraged to Manually Update

A newly discovered vulnerability, CVE-2025-8088, in WinRAR has been exploited to spread malware through phishing emails. This security flaw can be leveraged via maliciously designed archive files, enabling hackers to execute rogue computer code on victims’ machines, including Windows PCs running WinRAR.

Three researchers from antivirus provider ESET uncovered this vulnerability. Although the specific details are sparse, ESET informed reported that spearphishing emails containing RAR file attachments have been observed delivering RomCom backdoors. RomCom is a malicious group linked to Russia, known for stealing sensitive data and installing additional malicious payloads in past versions of their malware.

Fortunately, WinRAR released a patch for this vulnerability last week with version 7.13 Final. However, the application does not possess an automatic update feature, so users will need to manually download and install the new version to secure their systems from potential risks.

WinRAR’s release notes indicate that previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll are affected by this issue. In contrast, Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, and RAR for Android remain unaffected.

WinRAR, a widely-used free archive utility, boasts over 500 million users. Notably, in June, WinRAR also patched another vulnerability that could be exploited through malicious archive files as well.