Chipp.in Tech News and Reviews

Windows, Security & Privacy, Open Source and more


The Long Tail of CVE-2025-8088: How One WinRAR Flaw Outlived Its Patch

Posted on January 28, 2026 by Martin Brinkmann

It has been over six months since Rarlab released a fix for the critical WinRAR vulnerability known as CVE-2025-8088, but attacks continue to target it as if the patch was released just days ago.

Despite a patch being available since August 2025, Google Threat Intelligence reports that state-sponsored actors and financially motivated hackers are still finding immense success targeting users who have neglected to hit the update button.

This “long tail” of exploitation serves as a stark reminder that a vulnerability doesn’t disappear just because a solution exists.

Key Information:

Detail | Updated Information
Vulnerability ID | CVE-2025-8088
Patch Status | Available for 6+ months
Primary Threat | State-sponsored and financially motivated actors
Action Required | Ensure WinRAR is updated to the latest version

When Rarlab released WinRAR 7.13 to patch the security vulnerability back in July 2025, hardly anyone expected that this security issue would remain a problem six months later.

A report by Google security researchers suggests that the issue is still actively exploited. It appears that a percentage of WinRAR users have not patched the archiving software yet.

Google found that the attacks originate from several countries, including Russia and China. To exploit the issue, attackers need to create a specially crafted RAR archive. When a victim unpacks the archive, malicious files are written to the system's autostart location, where they are executed automatically.

Google writes:

CVE-2025-8088 is a high-severity path traversal vulnerability in WinRAR that attackers exploit by leveraging Alternate Data Streams (ADS). Adversaries can craft malicious RAR archives which, when opened by a vulnerable version of WinRAR, can write files to arbitrary locations on the system.

The issue affects WinRAR as well as related apps and files, including unrar.dll. However, it affects RAR on Windows only. RAR apps on other operating systems, including Linux and Android, are not affected.

How to protect your systems

WinRAR, and any other RAR tool affected by the issue, needs to be updated to the latest version. Windows users need to install WinRAR 7.13 to protect their devices. Downloads are provided on the official Rarlab website.

Just download the latest release and run the installer to update the application. Installing WinRAR 7.20 Beta also resolves the issue, but since it is a beta release, running it is not recommended on most PCs.
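
Because copies of unrar.dll also ship inside other applications, it helps to inventory every RAR binary on a machine rather than only the WinRAR install. The PowerShell sketch below is an added example, not from the article or from Rarlab; the file-name list, the search roots and the function name Get-RarBinaryStatus are assumptions, as is the premise that each binary's file version tracks the WinRAR release number (7.13 being the fixed release named above).

```powershell
# Added example (not from the article): list WinRAR/UnRAR binaries older than 7.13.
# Assumption: the file version resource tracks the WinRAR release (7.01 -> 7.1, 7.13 -> 7.13).
$FixedVersion = [version]'7.13'
# Assumed file names; extend the list for your environment.
$TargetNames  = 'WinRAR.exe', 'Rar.exe', 'UnRAR.exe', 'UnRAR.dll', 'UnRAR64.dll'

function Get-RarBinaryStatus {
    param(
        [Parameter(Mandatory)][string[]]$Root,
        [version]$MinVersion = $FixedVersion
    )
    # -Include with -Recurse matches on file name, case-insensitively on Windows.
    Get-ChildItem -Path $Root -Include $TargetNames -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $info = $_.VersionInfo
            if ([string]::IsNullOrWhiteSpace($info.FileVersion)) {
                # No version resource: cannot decide, flag for manual review.
                $found  = $null
                $status = 'UNKNOWN'
            } else {
                $found  = [version]::new($info.FileMajorPart, $info.FileMinorPart)
                $status = if ($found -lt $MinVersion) { 'OUTDATED' } else { 'OK' }
            }
            [pscustomobject]@{
                Status  = $status
                Version = $found
                Path    = $_.FullName
            }
        }
}

# Typical install locations plus per-user application folders; skip roots that do not exist.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA) |
    Where-Object { $_ -and (Test-Path $_) }

Get-RarBinaryStatus -Root $roots |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

Entries reported as OUTDATED or UNKNOWN are the ones to update or check by hand; bundled DLLs are usually replaced by updating the application that ships them.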

Tags: WinRAR
Category: Security & Privacy


4 thoughts on “The Long Tail of CVE-2025-8088: How One WinRAR Flaw Outlived Its Patch”

  1. TelV says:
    January 28, 2026 at 12:12 pm

    Hmmm… I admit to being one of the guilty parties having not patched it until a few mins ago. But I seldom find the need to unpack compressed files due to using Windows 8.1 and haven’t installed anything on it since a decade or so ago.

    But thanks in any event for the info Martin.

    1. Martin Brinkmann says:
      January 28, 2026 at 1:56 pm

      It is easy to overlook, if the app itself offers no update checks or automatic updates. You’d have to check actively for updates, or use a tool like winget for that.

  2. Tachy says:
    January 28, 2026 at 2:12 pm

    Thanks, I missed it too. I’m still on Version 7.01.

    I’ll have to dig around, I have some other programs like Fluffy Mod Manager that have the unrar.dll. I think Nexus Mod Manager has it too but, it autoupdates on launch, I’ll still check the file version manually.

    Sexy outfit mods for PC game characters would be a prime vector for this exploit as the Russian and Chinese sites offer mods Nexus won’t allow and the rar files are just dropped in a mod folder and never manually opened by the user.

  3. VioletMoon says:
    January 28, 2026 at 3:59 pm

    Never used it because it’s “Proprietary; requires software purchase for full features.” I’ll give up the still antiquated UI and .rar extension along with the possibility of maybe recovering a corrupted compressed file and go with NanaZip or PeaZip. For me, in today’s computing world, the .rar format isn’t as needed anymore–sort of like .wpd. Long ago days.
