The WinRAR vulnerability tracked as CVE-2025-8088 has not gone away and continues to be exploited in attacks around the world. Although the vulnerability was discovered back in July 2025, a large number of users are still running old versions of the program, which leaves the door open for attackers.
The problem exists in WinRAR 7.12 and older versions. Attackers exploit a path traversal flaw: a specially prepared RAR archive can write files to a location outside the intended extraction folder, where they should not end up. In this case, the malicious content can be hidden in the archive and then automatically placed in the Windows startup directory when the user unpacks the file.
The WinRAR vulnerability enables the automatic launch of viruses
The consequence is particularly dangerous because the malware effectively starts every time the computer is turned on. The user often sees only an ordinary RAR archive and the unpacking process, while a mechanism for automatically launching malware is set up in the background.
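The check below is an added example, not WinRAR code and not from the original article: it takes the entry names listed in an archive and flags any that would resolve outside the chosen extraction folder, with a separate verdict for the Windows Startup folder. It covers the general path traversal class described above rather than the internals of this specific CVE; the function names, the Startup path suffix and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules on any OS, so the check also runs on an analysis host

# Assumption: the per-user Startup folder path ends with this suffix (compared lower-cased).
STARTUP_SUFFIX = "\\start menu\\programs\\startup\\"

def resolve_entry(dest_dir, entry_name):
    """Path a naive extractor would write to: join, then collapse '..' segments."""
    name = entry_name.replace("/", "\\")
    # ntpath.join drops dest_dir when name is absolute or carries a drive letter.
    return ntpath.normpath(ntpath.join(dest_dir, name))

def classify_entry(dest_dir, entry_name):
    """Return 'ok', 'startup-folder' or 'escapes-destination' for one entry name."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    # Compare with a trailing separator so a sibling like 'invoice2' is not
    # mistaken for a child of 'invoice'.
    if target == dest or target.startswith(dest + "\\"):
        return "ok"
    if STARTUP_SUFFIX in target:
        return "startup-folder"
    return "escapes-destination"

def audit_listing(dest_dir, entry_names):
    """Map each suspicious entry name to its classification."""
    findings = {}
    for name in entry_names:
        verdict = classify_entry(dest_dir, name)
        if verdict != "ok":
            findings[name] = verdict
    return findings

# Constructed sample listing; not taken from any real archive.
SAMPLE_DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs/readme.txt",
    r"..\invoice2\notes.txt",
    r"D:\temp\notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample.lnk",
]

if __name__ == "__main__":
    for name, verdict in audit_listing(SAMPLE_DEST, SAMPLE_ENTRIES).items():
        print(f"{verdict:20} {name}")
```

A listing that produces any finding should be treated as hostile and not extracted, regardless of which WinRAR version is installed.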
According to available security reports, the vulnerability was used as a zero-day flaw by the Russian hacking group RomCom as early as July 18, 2025, before the general public had full protection. The Google Threat Analysis Group confirms that abuse continues, and victims include companies and individuals from the financial, manufacturing, defense and logistics sectors.
The main reason why the problem persists is the way WinRAR is updated. The program does not have an automatic upgrade mechanism that users expect from modern applications, so many remain on older versions for years. This is an ideal situation for attackers, as they can count on a large number of computers still running vulnerable versions.
Users should therefore immediately check which version of WinRAR they have installed. This is done by opening the program, selecting the Help menu and then the About WinRAR option. If the displayed version is older than 7.13, it is necessary to manually download and install the latest edition from the official WinRAR site.
It is important to emphasize that caution alone when opening archives is not sufficient protection. A RAR file can look completely normal, and the attack is activated right at the moment of unpacking. This is why updating the program is the most important step, as it closes the path hackers use to inject malware into the system.
WinRAR is still found on many Windows computers, especially with users who install it once and then don’t check the version for years. This is precisely why this vulnerability remains current much longer than it should. The check takes less than a minute, but can prevent a scenario where a simple compressed archive becomes an entry point for a serious attack.