WinRAR Zero-Day Attack

A zero-day attack on WinRAR was disclosed last week. The vulnerability, tracked as CVE-2025-8088, affects all Windows versions of WinRAR up to 7.12. Users of the ubiquitous software are encouraged to take care and to update their software when possible.

The flaw, first reported by ESET on July 18, 2025, is a path traversal bug that leverages Windows’ alternate data streams (ADS) feature to circumvent normal file extraction safeguards.
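As an added illustration (not code from ESET or WinRAR), the following Python sketch shows a pre-extraction check that rejects archive entry names carrying a stream specifier, a parent-directory component, or a target outside the extraction folder. It assumes the entry names were already listed by whatever archive tool is in use; `check_entry`, `DEST` and the sample names are hypothetical and constructed for this example.

```python
import ntpath  # Windows path rules, usable on any OS

DEST = r"C:\extract"  # hypothetical extraction directory (assumption)


def check_entry(name: str, dest: str = DEST) -> list[str]:
    """Return the reasons an archive entry name is unsafe to extract under dest."""
    reasons = []
    norm = name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(norm)
    if drive:
        reasons.append("drive-or-unc-prefix")
    if rest.startswith("\\"):
        reasons.append("absolute-path")
    # On NTFS a colon after the drive part separates file name and stream name.
    if ":" in rest:
        reasons.append("ads-stream-specifier")
    # Treat the stream part as path components too, so a ".." placed after
    # a colon is still seen.
    flat = rest.replace(":", "\\")
    if ".." in flat.split("\\"):
        reasons.append("parent-traversal")
    # Final containment check on the fully normalised target path.
    root = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(root, drive + flat))
    try:
        inside = ntpath.commonpath([root, target]).lower() == root.lower()
    except ValueError:  # different drive, or absolute mixed with relative
        inside = False
    if not inside:
        reasons.append("escapes-destination")
    return reasons


# Constructed sample names, not taken from any real archive.
SAMPLES = [
    "docs/report.pdf",
    "..\\..\\evil.txt",
    "notes.txt:hidden",
    "notes.txt:..\\..\\evil.txt",
    "D:\\Windows\\x.dll",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:34} {check_entry(sample) or 'ok'}")
```

An empty list means the name passed every check; anything else should block extraction of that entry and be logged for review.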

ESET writes that the campaign targeted “financial, manufacturing, defense, and logistics companies in Europe and Canada.” Delivered via phishing emails and other scams, fake RAR files were used to deploy malicious software and create backdoors on various systems.

WinRAR has been targeted this way previously; the ubiquity of the software, combined with the lack of an autoupdater, means that flaws in the software, even once discovered, can persist in the wild for an exceptionally long time.

The solution? Patch often and follow best practices

As with most cybersecurity matters, prevention is the name of the game. Educating employees and following industry best practices can reduce the number of successful attacks by denying the vector. Updating software makes it more likely a given vulnerability is patched.

Beyond this, companies are encouraged (and, in many of the sectors affected by the current spate of attacks, required by law) to maintain disaster recovery plans, including software systems that ensure data capture and backups. These serve as a last safety net if or when prevention fails.

Your Data In Your Hands – With TECH-ARROW

by Matúš Koronthály