🚨 Overview 🚨
A critical zero-day vulnerability (CVE-2025-8088) has been actively exploited in the wild. Attackers, most notably the Russian-aligned APT group "RomCom" (aka Storm-0978, Void Rabisu, UNC2596), have been distributing malicious RAR files via spear-phishing campaigns, often disguised as job application documents. The archives exploit a directory traversal flaw to drop payloads into Windows Startup folders, giving the attacker remote code execution at the next user login.
💥 Affected Versions:
All versions of WinRAR up to and including v7.12 are vulnerable.
🔧 Safe Version:
Update immediately to WinRAR v7.13, released on July 30, 2025, which addresses this vulnerability.
https://www.win-rar.com/whatsnew.html?&L=0
Action Required:
- Deploy WinRAR v7.13 or later across all endpoints. Since WinRAR lacks an auto-update mechanism, this must be done manually.
- Use endpoint management tools or software inventories to confirm the version rollout.
- Audit recent RAR attachments, especially those purporting to be CVs or HR documents, and verify their safety.
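The attachment audit can be partly automated by inspecting archive entry names for the pattern this advisory describes: paths that climb out of the extraction directory or point into a Windows Startup folder. The following is an added example, not part of the advisory; the entry listing is constructed, and the optional `audit_rar` helper assumes the third-party `rarfile` module is installed together with an unrar backend.

```python
import re

# Windows Startup folders (per-user and all-users) share this path suffix;
# the advisory names them as the persistence target of the dropped payload.
STARTUP_MARKER = re.compile(r"start menu[\\/]programs[\\/]startup", re.IGNORECASE)


def classify_entry(name: str) -> list:
    """Return the reasons an archive entry path looks like a traversal payload drop."""
    reasons = []
    parts = re.split(r"[\\/]+", name)           # split on both separators
    if ".." in parts:
        reasons.append("parent-directory traversal ('..')")
    if re.match(r"^([A-Za-z]:|[\\/])", name):   # drive letter or root-anchored path
        reasons.append("absolute path")
    if STARTUP_MARKER.search(name):
        reasons.append("targets a Startup folder")
    return reasons


def audit_entries(names):
    """Map each suspicious entry to its reasons; clean entries are omitted."""
    return {n: r for n in names if (r := classify_entry(n))}


def audit_rar(path):
    """Read entry names from a RAR file with the third-party `rarfile` module (assumed installed)."""
    import rarfile
    with rarfile.RarFile(path) as rf:
        return audit_entries(rf.namelist())


# Constructed sample listing resembling a job-application lure: one benign document and
# one entry that climbs out of the extraction directory into the user's Startup folder.
SAMPLE_ENTRIES = [
    "CV_Applicant.pdf",
    "../../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/updater.exe",
]

if __name__ == "__main__":
    for entry, why in audit_entries(SAMPLE_ENTRIES).items():
        print(f"SUSPICIOUS: {entry}\n  - " + "\n  - ".join(why))
```

A listing that trips any of these checks should be quarantined for analyst review rather than extracted; the checks are a triage aid, not a substitute for deploying v7.13.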
🛡 User Alert:
Remind all users to exercise caution when receiving RAR files via email, even from trusted senders. Specifically:
✅ Do not open unexpected .rar attachments, especially those labeled as job applications or resumes.
✅ Verify legitimacy before extracting these files, even if the sender seems familiar.