
Critical WinRAR Zero-Day (CVE-2025-8088) Exploited by Russian Hackers to Spread RomCom Malware
A critical zero-day vulnerability in WinRAR, tracked as CVE-2025-8088, has been exploited by hackers linked to Russia to spread the RomCom malware. The flaw allows attackers to execute arbitrary code when a user opens a malicious archive file, which can lead to system compromise and data theft. The involvement of Russian hackers suggests a targeted attack, possibly part of a larger campaign. Because WinRAR is so widely installed, the attack surface is large and the impact on the cybersecurity landscape is significant. Organizations and users are advised to update WinRAR to version 7.13 immediately and to monitor for signs of RomCom malware, such as unusual network traffic or unauthorized access attempts. The incident underscores the importance of timely patch management and robust endpoint security, and it highlights the need for continuous monitoring and threat detection to mitigate zero-day exploits of this kind effectively.