Researchers have detailed how CVE-2025-8088, a path traversal vulnerability in WinRAR, was exploited as a zero-day by the Russia-aligned RomCom group to drop malware through booby-trapped archives. The case is a reminder that archive utilities are a live attack surface and that, because WinRAR does not update itself, a published patch protects nobody who has not installed it. #RomCom #CVE-2025-8088
Keypoints
- CVE-2025-8088 was exploited by RomCom in targeted zero-day attacks before a fix was available.
- RomCom is a Russia-aligned threat actor with a track record of zero-day exploitation in widely used software, including Firefox and Microsoft Office.
- The malicious archives hide the payload in NTFS alternate data streams (ADS): the stream name carries path traversal sequences, so a vulnerable WinRAR writes the file outside the folder the user chose to extract into (for example the Startup folder, from which it runs at the next logon), while the visible file listing looks harmless.
- The attack chains deliver several malware families, including a Mythic agent, SnipBot, and MeltingClaw.
- WinRAR 7.13, released on July 30, 2025, fixes CVE-2025-8088, but WinRAR has no automatic update mechanism, so every install must be updated manually; until then the flaw remains exploitable.
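The ADS point above is the one worth internalising if you write or audit anything that extracts archives: an entry named `report.pdf:..\..\Startup\x.lnk` is a single file entry whose stream name smuggles the traversal, so a check that only validates the part before the colon passes it. The following validator is an added example for this page, not code from the article, from ESET, or from WinRAR; the extraction root and the entry names are constructed for illustration, and it uses `ntpath` so the Windows-semantics check runs on any OS.

```python
"""Validate archive entry names before extraction, including NTFS alternate
data stream (ADS) suffixes.

Added example for this page; it is not code from the article, from ESET, or
from WinRAR. All entry names and the extraction root are constructed.
"""
import ntpath

# Constructed extraction root for the demonstration (assumption, not from the article).
ROOT = r"C:\Users\alice\Downloads\invoice"

# Constructed entry names, as an archive listing might present them.
SAMPLE_ENTRIES = [
    r"docs\report.pdf",                 # ordinary file
    r"report.pdf:Zone.Identifier",      # benign ADS (the mark-of-the-web stream)
    r"..\..\evil.exe",                  # classic traversal in the file path
    r"report.pdf:..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",  # traversal hidden in the stream name
    r"C:\Windows\System32\x.dll",       # absolute path
    "sub/../../x",                      # forward slashes, still traversal
]


def check_entry(root: str, entry_name: str) -> tuple[str, str]:
    """Decide whether an archive entry may be written under ``root``.

    Returns ("ok", resolved_target) or ("reject", reason).
    """
    name = entry_name.replace("/", "\\")
    if "\x00" in name:
        return "reject", "embedded NUL byte"

    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        return "reject", "absolute path or drive prefix"

    # A colon introduces an NTFS alternate data stream: "file:stream".
    # Validating only the part before the colon would let a traversal
    # sequence in the stream name through, which is the class of bug the
    # article describes.
    path, has_stream, stream = rest.partition(":")
    if has_stream:
        if not stream:
            return "reject", "empty stream name"
        if "\\" in stream:
            return "reject", f"path separator inside stream name {stream!r}"

    parts = [p for p in path.split("\\") if p]
    if not parts:
        return "reject", "empty file path"
    if any(p == ".." for p in parts):
        return "reject", "'..' component in file path"

    # Belt and braces: resolve and confirm the target stays under root.
    root_n = ntpath.normpath(root)
    target = ntpath.normpath(ntpath.join(root_n, *parts))
    if ntpath.commonpath([root_n, target]) != root_n:
        return "reject", "resolves outside the extraction root"

    return "ok", target + (":" + stream if has_stream else "")


def scan_listing(root: str, entries: list[str]) -> dict[str, tuple[str, str]]:
    """Run check_entry over a whole listing, e.g. to triage an archive
    before extracting it."""
    return {name: check_entry(root, name) for name in entries}


if __name__ == "__main__":
    for name, (verdict, detail) in scan_listing(ROOT, SAMPLE_ENTRIES).items():
        print(f"{verdict:6} {name!r}: {detail}")
```

The benign `Zone.Identifier` stream is accepted so that legitimate ADS usage still works; what is rejected is any separator inside a stream name, any `..` component, and any absolute or drive-prefixed path, with a final resolved-path check in case a future normalisation quirk slips past the component tests. The same split-then-validate logic applies to any extractor, not only WinRAR.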