Google's Threat Intelligence Group warns that a path-traversal flaw in WinRAR (CVE-2025-8088), disclosed and patched six months ago, is still being actively exploited by a diverse set of attackers. Nation-state actors linked to Russia and China, as well as financially motivated cybercriminals, use the bug to make a crafted archive write its payload into sensitive locations such as the Windows Startup folder when the victim extracts it, with no further interaction required. Google urges updating WinRAR and hunting with the published IoCs. #WinRAR #CVE-2025-8088
Keypoints
- The WinRAR path-traversal vulnerability CVE-2025-8088 was exploited in the wild before the vendor patched it.
- Both nation-state groups (including Russia- and China-linked actors) and financially motivated cybercriminals are exploiting the flaw.
- Attackers use the same exploitation method: a crafted archive whose entries traverse out of the extraction directory, so that simply extracting it silently drops a payload into locations such as the Windows Startup folder, where it runs at the next logon with no further user interaction.
- Exploitation has expanded over six months, with the majority of recent activity attributed to cybercriminal groups.
- Google recommends installing WinRAR updates and provides indicators of compromise to help defenders hunt for malicious activity.
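The key points above describe the technique only in outline: an archive entry name that resolves outside the directory the user extracts into. The following added example (written for this page, not code from Google, cyberscoop or the WinRAR project) shows the generic check an extraction tool or a mail gateway can apply to an archive's file listing before anything is written to disk. The extraction root and the entry names are constructed for illustration; the Startup-folder path is the standard per-user one, and the check is deliberately broader than this one CVE, treating absolute paths, UNC paths and relative paths hidden in an NTFS alternate-data-stream name as escapes too.

```python
import ntpath

# Constructed extraction root; any Windows directory would do.
EXTRACT_ROOT = r"C:\Users\alice\Downloads\report"

# Constructed archive listing mixing benign entries with traversal attempts.
SAMPLE_ENTRIES = [
    r"report.pdf",
    r"docs\readme.txt",
    r"images\..\logo.png",                       # stays inside the root after normalisation
    r"..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"notes.txt:..\..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe",
    r"C:\Windows\System32\payload.dll",
    r"\\attacker\share\payload.exe",
]


def escapes_root(entry_name: str, root: str = EXTRACT_ROOT) -> bool:
    """Return True if extracting `entry_name` under `root` would write outside it.

    All path handling uses ntpath, so the Windows semantics hold even when this
    runs on Linux or macOS (e.g. on a scanning gateway). Each NTFS alternate
    data stream part (text after ':') is checked on its own, because a stream
    name is also written through the filesystem and can carry its own path.
    """
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Absolute, drive-relative and UNC paths never belong in an archive entry.
    if drive or rest.startswith("\\"):
        return True
    root_norm = ntpath.normcase(ntpath.normpath(root))
    for part in rest.split(":"):
        if not part:
            continue
        target = ntpath.normcase(ntpath.normpath(ntpath.join(root, part)))
        if target != root_norm and not target.startswith(root_norm + "\\"):
            return True
    return False


def flag_traversal(entries, root: str = EXTRACT_ROOT):
    """Return the subset of `entries` that would escape `root`, in listing order."""
    return [e for e in entries if escapes_root(e, root)]


if __name__ == "__main__":
    for entry in flag_traversal(SAMPLE_ENTRIES):
        print("BLOCK:", entry)
```

Run as a script it prints the four entries that escape the root; `images\..\logo.png` is allowed because it normalises to a path inside the root, which is why the check compares the normalised target rather than grepping for `..`. A scanner would call `flag_traversal` on the listing produced by the archive library (for example the names returned by a RAR or ZIP reader) and refuse the whole archive on any hit, rather than extracting the benign entries and skipping the rest.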
Read More: https://cyberscoop.com/winrar-defect-active-exploits-google-threat-intel/