WinRAR Zero-Day Actively Exploited

August 11, 2025

The developers of the popular file archiving utility WinRAR have released a critical security update to address a zero-day vulnerability, tracked as CVE-2025-8088. This flaw, which affects the Windows version of the tool, is a path traversal vulnerability. It allows attackers to execute arbitrary code by tricking the application into writing files to unintended directories when extracting a specially crafted malicious archive. WinRAR version 7.13, released on July 31, 2025, includes the fix for this security defect. This is not the first time WinRAR has faced such a severe security issue, as another vulnerability, CVE-2023-38831, was heavily exploited by threat actors in 2023. This recurring pattern of zero-day exploits highlights the critical importance of keeping software updated.

While the full extent of the exploitation of CVE-2025-8088 is not yet known, there are indications that it has already been used in targeted attacks. According to a report from Russian cybersecurity firm BI.ZONE, the hacking group Paper Werewolf (also known as GOFFEE) may have leveraged this vulnerability in conjunction with another directory traversal bug, CVE-2025-6218, which was patched in June 2025. These attacks reportedly targeted Russian organizations in July 2025 through phishing emails. These emails contained malicious archives that, when opened, exploited the vulnerabilities to execute code and place files in sensitive locations, all while a decoy document distracted the victim.

The core of both CVE-2025-8088 and CVE-2025-6218 is a path traversal attack. This type of vulnerability occurs when an application fails to properly sanitize user-supplied input, allowing an attacker to manipulate file paths. In this case, attackers created malicious archives where the file paths within the archive were designed to trick WinRAR into writing files outside the intended extraction directory. For example, by including relative paths such as ../../ in a file name within the archive, an attacker could instruct the program to write a file to a sensitive system folder like the Windows Startup folder, leading to code execution upon the next system login.

The Dark Web Connection

Before the public disclosure and patching of these vulnerabilities, a threat actor named “zeroplayer” was advertising a WinRAR zero-day exploit for sale on a Russian dark web forum for $80,000. It is suspected that the Paper Werewolf hacking group may have acquired this exploit and used it in their attacks. This sequence of events, from a dark web sale to real-world exploitation, underscores a common and dangerous pattern in the cybercrime ecosystem. It shows how quickly new vulnerabilities can be weaponized and used to target organizations and individuals, making rapid patching by users and developers essential.

7-Zip Also Patches Vulnerability

Another popular file archiver, 7-Zip, also released an update to address a security flaw, CVE-2025-55188. This vulnerability, which has a CVSS score of 2.7 and is less severe than the WinRAR flaws, allows for an arbitrary file write due to how 7-Zip handles symbolic links during extraction. This could potentially lead to code execution, particularly on Unix systems, if an attacker overwrites sensitive files like SSH keys. The issue has been fixed in 7-Zip version 25.01. This simultaneous patching of vulnerabilities in two major file archiving tools highlights a broader trend of attackers targeting these widely used utilities as a gateway to compromise systems.
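The two extraction problems described above (entry names containing ../ components, and symbolic-link entries) can be screened for before anything is written to disk. The following is an added example, not code from WinRAR, 7-Zip or the original article; it uses the ZIP format as a stand-in because Python's standard library can read it, and the function names and the sample archive are constructed for illustration.

```python
import io
import stat
import zipfile


def audit_entry(name: str, external_attr: int = 0) -> list:
    """Return the reasons an entry is unsafe to extract (empty list = OK)."""
    reasons = []
    # Archives built on Windows may use backslashes; normalise before checking.
    norm = name.replace("\\", "/")
    # Leading slash or a drive-letter prefix ("C:") ignores the target folder.
    if norm.startswith("/") or norm[1:2] == ":":
        reasons.append("absolute path")
    # Any ".." component is rejected, even if the path would stay inside.
    if ".." in norm.split("/"):
        reasons.append("parent-directory component")
    # ZIP keeps the Unix file mode in the high 16 bits of external_attr.
    if stat.S_ISLNK(external_attr >> 16):
        reasons.append("symbolic link")
    return reasons


def audit_zip(data: bytes) -> dict:
    """Map each unsafe entry name to its reasons, without extracting anything."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = audit_entry(info.orig_filename, info.external_attr)
            if reasons:
                findings[info.orig_filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed test archive: one normal entry, one traversal, one symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", "quarterly numbers")
        zf.writestr("../../outside/dropped.txt", "placeholder")
        link = zipfile.ZipInfo("link")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../outside")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in audit_zip(build_sample()).items():
        print(f"REJECT {name!r}: {', '.join(reasons)}")
```

A mail gateway or triage script can run a check like this on attachments and quarantine any archive with findings; it complements, and does not replace, updating the archiver itself.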

Reference:

  • WinRAR Zero-Day Exploited in Attacks – Update to the Latest Version Immediately