Danish Kapoor

CVE-2025-8088 Vulnerability in WinRAR Is Being Used in Active Attacks

ESET researchers discovered a new vulnerability in the WinRAR software, registered as CVE-2025-8088. The Russia-linked RomCom hacker group is actively exploiting it to achieve remote code execution on Windows systems.

CVE-2025-8088 was described as a serious vulnerability used in targeted attacks. According to ESET, the attackers can place malicious files on user systems with specially prepared RAR archives. These files are usually placed in Windows Startup folders and run automatically when the system starts. The method allows malware to be installed without the user noticing. Thus, the attackers can both steal data and gain persistent access to the system.

Researchers Anton Cherepanov, Peter Košinár and Peter Strýček said that this vulnerability was widely used in phishing campaigns. The attacks are generally delivered through e-mail attachments or links that appear trustworthy. The process begins when the user unknowingly opens the malicious RAR file. By manipulating the file path, the method causes files to be written to unauthorized locations on the operating system.

The vulnerability was closed with the WinRAR 7.13 update

WinRAR does not have an automatic update system. For this reason, version 7.13 has to be downloaded and installed manually. If the update is not applied, CVE-2025-8088 can continue to be exploited by attackers. ESET says that RAR tools on systems other than Windows, for example Unix- and Android-based ones, are not affected. In addition, it is recommended not to open archive files from unknown sources until the update is installed.

The RomCom group is also known as Storm-0978, Tropical Scorpius and UNC2596. In the past, the group carried out many attacks, including ransomware distribution, espionage activities and data theft. CVE-2025-8088 stands out as a new method in the group's phishing operations. According to the ESET report, the attacks mainly target state institutions and large-scale companies.

Among the technical details of the vulnerability, the path traversal weakness stands out. With this method, the attackers can extract files to folders that the user did not choose. In particular, by using the automatic startup folders of Windows, malicious code can be executed every time the system starts. Security experts say that such vulnerabilities stem from missing security checks in the software components that process archives.
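The check whose absence the paragraph above describes can be sketched as follows. This is an added example, not code from ESET or WinRAR: the function names, the Startup path fragment used for matching, and the sample entry names are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: Startup folders are recognised by this path fragment
# (per-user under AppData\Roaming, all-users under ProgramData).
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"

def classify_entry(dest_dir, entry_name):
    """Classify where one archive entry would land if extracted into dest_dir."""
    root = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    # join() lets absolute or drive-qualified names override dest_dir,
    # normpath() collapses ".." segments, normcase() lowercases and unifies slashes.
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest_dir, entry_name)))
    if target == root or target.startswith(root + "\\"):
        return "ok"
    if STARTUP_FRAGMENT in target:
        return "startup-folder"
    return "escapes-destination"

def audit(dest_dir, entry_names):
    """Return (name, verdict) for every entry that would leave dest_dir."""
    findings = []
    for name in entry_names:
        verdict = classify_entry(dest_dir, name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings

# Constructed sample listing, not taken from a real archive.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE = [
    "docs/report.pdf",
    r"docs\..\notes.txt",  # contains ".." but stays inside the destination
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk",
    r"..\..\..\Temp\x.dll",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\a.exe",
]

if __name__ == "__main__":
    for name, verdict in audit(DEST, SAMPLE):
        print(f"{verdict:20} {name}")
```

The comparison is made on the resolved target path rather than on the presence of `..` in the name, so entries that stay inside the destination are not flagged.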

ESET and the WinRAR developers recommend that users install the latest version immediately. In addition, it is emphasized that files received via e-mail should not be opened without verification. The download link for version 7.13 is on the official WinRAR website, and users are urged to apply the update without delay.
