Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

WinRAR Path Traversal Flaw Still Exploited by Numerous Hackers

State-sponsored and financially motivated groups exploit WinRAR CVE-2025-8088 to deploy diverse malware, with over 500 million users at risk, Google researchers report ongoing attacks.

  • Tuesday's GTIG report found active exploitation of CVE-2025-8088 since August, with the flaw patched in WinRAR version 7.13 on July 30, 2025.
  • Researchers say exploitation began as early as July 18, 2025, with multiple operators sourcing exploits from 'zeroplayer' while WinRAR lacks auto-update, requiring manual updates.
  • Analysis shows crafted RAR archives drop LNK, HTA, BAT, CMD files via WinRAR Alternate Data Streams, delivering POISONIVY, NESTPACKER / Snipbot, STOCKSTAY, XWorm, and AsyncRAT.
  • WinRAR's Windows user base exceeds 500 million, while attackers have planted malware in the Windows Startup folder with decoy files, and state-backed groups targeted Ukrainian military and government entities.
  • Google urged organizations to install security updates and published IoCs, as underground forums and malware creators integrate the WinRAR flaw into tools, with exploit prices ranging from $80,000 to $300,000.
Insights by Ground AI

11 Articles

PC MagPC Mag
Lean Left

Hackers Still Exploiting WinRAR Flaw Even Though Fix Was Released 6 Months Ago

WinRAR doesn't have an auto-update function, meaning PCs are vulnerable until you manually update. The bug is still being widely exploited, Google security researchers warn.

·United States
Read Full Article
CyberScoopCyberScoop
Center

Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect

Google Threat Intelligence Group warned that a diverse and growing collection of attackers, including nation-state groups and financially motivated cybercriminals, are exploiting a path-traversal vulnerability affecting WinRAR that was disclosed and patched six months ago. The high-severity vulnerability — CVE-2025-8088 — was exploited in the wild almost two weeks before RARLAB, the vendor behind the file archiver tool, addressed the vulnerabili…

Read Full Article
BleepingComputerBleepingComputer
Center

WinRAR path traversal flaw still exploited by numerous hackers

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads.

Read Full Article
technewstube.comtechnewstube.com

Still using WinRAR? You should probably look out for these potentially dangerous security flaws

A high severity flaw in WinRAR allows crooks to execute malware remotely.

Read Full Article
Génération-NTGénération-NT

Why Is the Winrar Fault Patched Six Months Ago Still so Dangerous?

A critical vulnerability of WinRAR (CVE-2025-8088), corrected six months ago, is still massively exploited. From groups of Russian and Chinese state pirates to cyber criminals, all take advantage of the lack of automatic updates to conduct spying and data theft campaigns, according to Google.

Read Full Article
HotHardwareHotHardware

Millions At Risk As Attackers Exploit This Alarming WinRAR Security Flaw

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions of WinRAR newer than v7.12 have been patched. Google's recent blog post on the exploit activity provides a timeline of exploits across six different

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 67% of the sources are Center
67% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Tuesday, January 27, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Google icon

Google

Cyberattacks icon

Cyberattacks

Windows icon

Windows

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal