By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
World of SoftwareWorld of SoftwareWorld of Software
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Search
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
Reading: Patch Now: New WinRAR Flaw Used to Deliver Malware
Share
Sign In
Notification Show More
Font ResizerAa
World of SoftwareWorld of Software
Font ResizerAa
  • Software
  • Mobile
  • Computing
  • Gadget
  • Gaming
  • Videos
Search
  • News
  • Software
  • Mobile
  • Computing
  • Gaming
  • Videos
  • More
    • Gadget
    • Web Stories
    • Trending
    • Press Release
Have an existing account? Sign In
Follow US
  • Privacy
  • Terms
  • Advertise
  • Contact
Copyright © All Rights Reserved. World of Software.
World of Software > News > Patch Now: New WinRAR Flaw Used to Deliver Malware
News

Patch Now: New WinRAR Flaw Used to Deliver Malware

News Room
Last updated: 2025/08/08 at 7:31 PM
News Room Published 8 August 2025
Share
SHARE

Security researchers have discovered a new flaw in WinRAR that was recently exploited to spread malware through phishing emails. 

The flaw, CVE-2025-8088, can be harnessed through maliciously crafted archive files, according to BleepingComputer, which first reported on the vulnerability. 

Normally, WinRAR is supposed to extract files from an archive to the user’s specified path. But through the flaw, it looks like a booby-trapped file can extract the data to a hacker-selected path, creating a way to execute rogue computer code on a victim’s machine, including Windows PCs running WinRAR.


This Tweet is currently unavailable. It might be loading or has been removed.

Three researchers at antivirus provider ESET discovered the vulnerability. Although details are thin, the company told PCMag it’s “observed spearphishing emails with attachments containing RAR files. These archives exploited the CVE-2025-8088 to deliver RomCom backdoors. RomCom is a Russia-aligned group.” Past versions of RomCom malware can steal sensitive data and install other malicious payloads.

The good news is that WinRAR patched the vulnerability last week with version 7.13 Final. Unfortunately, the popular file-archiving tool doesn’t feature an auto-update mechanism. So it’ll be up to users to manually download and install the new version to receive protection, otherwise they’ll remain at risk. 

Recommended by Our Editors

In the release notes, WinRAR said the problem affects “previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll.” However, Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, and RAR for Android, are not affected.

As a free archive utility, WinRAR has attracted over 500 million users. In June, WinRAR also patched a separate flaw that could be exploited through booby-trapped archive files as well.

PCMag Logo

OpenAI Debuts GPT-5 Model During OpenAI’s Summer Update Event


Newsletter Icon

Newsletter Icon

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates


SecurityWatch Newsletter Image

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

About Michael Kan

Senior Reporter

Michael Kan

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Twitter Email Print
Share
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World
Next Article Streamex Unleashes Gold-Tokenization Strategy Poised To Shake Global Markets And Redefine NASDAQ | HackerNoon
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Stay Connected

248.1k Like
69.1k Follow
134k Pin
54.3k Follow

Latest News

Amy Bradley’s brother reveals ‘evidence that proves truth’ about disappearance
News
iOS 26: Here’s What You Can Do With Apple’s New Games App
News
NIO Capital raises new RMB 3 bln fund despite cooling VC climate · TechNode
Computing
Today's NYT Mini Crossword Answers for Aug. 9 – CNET
News

You Might also Like

News

Amy Bradley’s brother reveals ‘evidence that proves truth’ about disappearance

8 Min Read
News

iOS 26: Here’s What You Can Do With Apple’s New Games App

9 Min Read
News

Today's NYT Mini Crossword Answers for Aug. 9 – CNET

2 Min Read
News

The Best Wi-Fi 6 Routers for 2025

28 Min Read
//

World of Software is your one-stop website for the latest tech news and updates, follow us now to get the news that matters to you.

Quick Link

  • Privacy Policy
  • Terms of use
  • Advertise
  • Contact

Topics

  • Computing
  • Software
  • Press Release
  • Trending

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

World of SoftwareWorld of Software
Follow US
Copyright © All Rights Reserved. World of Software.
Welcome Back!

Sign in to your account

Lost your password?