Millions At Risk As Attackers Exploit This Alarming WinRAR Security Flaw

Remember the WinRAR path handling exploit we reported on back in August? According to Google, that same flaw, officially dubbed CVE-2025-8088, is still being actively exploited, even though versions of WinRAR new than v7.12 have been patched. Google's recent blog post on the exploit activity provides a timeline of exploits across six different groups, with a number of them (UNC4895, Cybercrime Group, and APT44) operating on behalf of Russia against Ukraine. There's also a PRC-based actor (Chinese) using the exploit to deliver POISONIVY malware, and miscellaneous attacks across Indonesia, Latin America, and Brazil. This is an international threat being leveraged in all sorts of ways, and users who aren't keeping their operating systems and copies of WinRAR up-to-date are all vulnerable to attack.

Unlike CVE-2025-62221 and CVE-2025-6222, which have also already been patched, CVE-2025-8088 has proven surprisingly prominent. Google notes that "When a reliable proof of ...