• CVE-2025-8088: critical path traversal flaw in WinRAR allows arbitrary file writes via ADS.
• Exploited by state-backed actors from Russia, China and financially motivated groups.
• Attack chain drops files into Windows Startup folder for persistence.
• Vulnerability discovered July 2025, patched in WinRAR 7.13.
• Exploitation continues post‑patch due to slow patching and n‑day tactics.
• Defenders urged to update software, use Google Safe Browsing, and hunt IOCs.

Article Summaries:

  • Summary

Google Threat Intelligence Group (GTIG) reports that the critical WinRAR vulnerability CVE‑2025‑8088, a path‑traversal flaw allowing files to be written to arbitrary locations via Alternate Data Streams (ADS), is being actively exploited worldwide. Since its discovery on July 18, 2025, attackers, both state‑backed actors from Russia and China and financially motivated groups, have used the flaw to drop malicious shortcuts into the Windows Startup folder, ensuring persistence. The vulnerability was patched in WinRAR 7.13 on July 30, 2025, yet exploitation continues, underscoring the need for rapid patching and defensive measures such as Google Safe Browsing.
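A hunting sketch for the behaviour summarized above, added here as an example and not taken from the GTIG report: it flags file-creation events where an archiver process writes directly into a Startup folder, and checks an installed version against 7.13. It assumes Sysmon Event ID 11 (FileCreate) records exported as JSON lines; the process-name list, host names and sample events are constructed.

```python
import json
from pathlib import PureWindowsPath

# Assumption: Sysmon Event ID 11 records as JSON lines with Image/TargetFilename.
STARTUP_TAIL = ("microsoft", "windows", "start menu", "programs", "startup")
ARCHIVER_IMAGES = {"winrar.exe", "rar.exe", "unrar.exe"}  # assumed process names
FIXED_VERSION = (7, 13)  # patched release named in the summary

def in_startup_folder(target: str) -> bool:
    """True if the file sits directly in a per-user or all-users Startup folder."""
    parts = tuple(p.lower() for p in PureWindowsPath(target).parent.parts)
    return parts[-len(STARTUP_TAIL):] == STARTUP_TAIL

def is_patched(version: str) -> bool:
    """Compare a dotted WinRAR version string (e.g. '7.12') against 7.13."""
    return tuple(int(x) for x in version.split(".")[:2]) >= FIXED_VERSION

def hunt(lines):
    """Return (host, process, path) for archiver writes into a Startup folder."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("EventID") != 11:
            continue
        image = PureWindowsPath(ev.get("Image", "")).name.lower()
        target = ev.get("TargetFilename", "")
        if image in ARCHIVER_IMAGES and in_startup_folder(target):
            hits.append((ev.get("Computer"), image, target))
    return hits

# Constructed sample events, not from any real incident.
_STARTUP = r"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE = [json.dumps(e) for e in (
    {"EventID": 11, "Computer": "ws-01",
     "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\alice" + _STARTUP + r"\update.lnk"},
    {"EventID": 11, "Computer": "ws-02",
     "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\bob\Documents\report\notes.txt"},
    {"EventID": 11, "Computer": "ws-03",
     "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\carol" + _STARTUP + r"\tool.lnk"},
    {"EventID": 1, "Computer": "ws-04",
     "Image": r"C:\Program Files\WinRAR\WinRAR.exe"},
)]

if __name__ == "__main__":
    for host, proc, path in hunt(SAMPLE):
        print(f"{host}: {proc} wrote {path}")
```

Matching on process name misses extraction performed by other software, so treat a hit as a lead for triage and an empty result as inconclusive.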

Sources: