A flaw in the well-known file extraction program WinRAR that was fixed last year is being targeted by a variety of adversaries, including state-sponsored actors. The vulnerability affects many different types of organizations, but small and medium-sized enterprises may be most affected.

A research blog post about CVE-2025-8088, a high-severity vulnerability found by ESET and revealed in August of last year, was released yesterday by Google Threat Intelligence Group (GTIG). The National Vulnerability Database listing for the bug states that CVE-2025-8088 is a "path traversal vulnerability affecting the Windows version of WinRAR [that] allows the attackers to execute arbitrary code by crafting malicious archive files." Hundreds of millions of people and businesses of all sizes and industries use WinRAR, a well-known cross-platform file extraction program.

Apart from its vast and varied user base, WinRAR is also highly accessible. "The ADS content (malicious.lnk) is extracted to the destination specified by the traversal path when the archive is opened, automatically executing the payload the next time the user logs in." Google advised unpatched users and organizations to update their WinRAR instances right away and become acquainted with the "predictable" strategies, methods, and techniques used by the exploiting actors.
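A defensive pre-extraction check for the pattern in the quoted description (a stream name that carries a traversal path), as an added example that is not code from GTIG, ESET or WinRAR. It assumes the archive's entry names have already been listed as strings by whatever tooling is in use; `check_entry`, `audit`, the `C:\extract` destination and the sample names are hypothetical and constructed, and the check is generalized to plain `..` and absolute paths as well.

```python
import ntpath  # Windows path semantics, usable on any OS

# Constructed sample entry names (not taken from a real archive or from GTIG's report).
SAMPLE_ENTRIES = [
    "docs/report.pdf",
    "docs/report.pdf:..\\..\\..\\target\\malicious.lnk",  # stream name hiding a traversal
    "..\\..\\outside.txt",
    "C:\\Windows\\Temp\\x.dll",
    "notes/readme.txt",
]


def check_entry(name, dest="C:\\extract"):
    """Return the reasons an entry name is unsafe to extract; empty list if none."""
    reasons = []
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive or rest.startswith("\\"):
        reasons.append("absolute-path")
    # A colon after the drive part names an NTFS alternate data stream (ADS).
    if ":" in rest:
        reasons.append("ads-stream")
    # Treat the stream separator as a path separator so a ".." placed
    # behind it is still counted when the final location is resolved.
    parts = rest.replace(":", "\\").split("\\")
    if ".." in parts:
        reasons.append("dotdot")
    root = ntpath.normpath(dest).lower()
    joined = ntpath.join(root, drive + "\\".join(parts))
    target = ntpath.normpath(joined).lower()
    if target != root and not target.startswith(root + "\\"):
        reasons.append("escapes-destination")
    return reasons


def audit(entries, dest="C:\\extract"):
    """Map each unsafe entry name to its reasons; safe entries are omitted."""
    findings = {}
    for name in entries:
        reasons = check_entry(name, dest)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in audit(SAMPLE_ENTRIES).items():
        print(f"REJECT {entry!r}: {', '.join(why)}")
```

Rejecting any entry with a non-empty result before extraction is a complement to patching, not a substitute for it.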

Indicators of compromise are available on GTIG's blog. Any unpatched software expands a machine's attack surface, a Google Threat Intelligence Group researcher tells Dark Reading. According to the researcher, "We urge organizations and users to keep software, including software obtained by free trials, fully up to date and to install security updates as soon as they become available."

WinRAR was contacted by Dark Reading for further comment.