Google Identifies a Serious WinRAR Vulnerability Used to Take Over Windows Systems


Google has issued a fresh warning over a significant security vulnerability in WinRAR, one of the most widely used file compression programs on Windows, after researchers saw it being actively abused to gain unauthorised control of devices. The flaw lets attackers plant harmful files in sensitive system locations without the user’s knowledge, giving them persistent access to affected computers.

The issue, tracked as CVE-2025-8088, was first seen being exploited in July 2025. Security researchers say that although a fix has been available since July 30, 2025, the vulnerability is still being exploited in numerous cyber attacks, exposing consumers and organizations that have not updated their software.

How does the flaw work?

The vulnerability is a path traversal flaw in WinRAR that is triggered by specially crafted archive files. When a user opens a malicious RAR file, hidden components are silently extracted to locations on the system that the user never chose, defeating the user’s expectation of where extraction will write.

Researchers found that attackers regularly use this vulnerability to drop files straight into the Windows Startup folder, guaranteeing that malicious programs run automatically whenever the system restarts or a user signs in. This gives attackers long-term persistence and control over the compromised machine.

Multiple Threat Actors Involved

Security teams have connected a wide range of threat actors, including financially motivated cybercriminals and state-affiliated espionage operations, to the exploitation of the vulnerability. Criminal organizations have targeted companies in industries like hotels, banking, and commercial services, while campaigns linked to China and Russia have targeted government, military, and technology organizations.

Attackers have exploited the vulnerability to infect victim systems with malware, steal login credentials, and plant hidden backdoors. Analysts observed similar tactics in earlier WinRAR attacks, highlighting how attackers still rely on software that is widely used but slowly updated.

Use of Hidden File Techniques

Investigators found that the attacks generally rely on Alternate Data Streams (ADS), a feature of the NTFS file system that attackers can abuse to hide malicious content. When victims open the archive, they typically see a harmless-looking document, such as a PDF, while the dangerous payload is silently written somewhere else on the system.

In a number of instances, file names were crafted to look authentic while concealing executable components. These files are hard to spot because, once planted in startup locations, they run automatically without any further user interaction.
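The two mechanisms described above, an entry name that walks out of the extraction directory and an ADS name that carries the real target, can be screened for before anything is written to disk. The following Python script is an added example and is not code from the article, from Google or from WinRAR; it assumes the caller has already obtained the archive’s entry names as strings (for instance from an archive listing tool) and knows the intended extraction directory, and every sample entry name in it is constructed for illustration.

```python
"""Pre-extraction triage of archive entry names for the pattern the article
describes: path traversal, NTFS alternate data streams (ADS) and drops into
a Windows Startup folder. Added example, not code from the article or from
WinRAR; it assumes the archive's entry names are already available as
strings and that the intended extraction directory is known.
"""
import ntpath
import re
from dataclasses import dataclass, field

# Both the per-user (%APPDATA%\...) and all-users (%ProgramData%\...) Startup
# folders end with this suffix, so matching it on a normalized, lower-cased
# target path covers both.
STARTUP_SUFFIX = r"\microsoft\windows\start menu\programs\startup"

# Drive-rooted ("C:\x") or UNC ("\\server\share") entry names.
_ABSOLUTE_RE = re.compile(r"^([A-Za-z]:[\\/]|[\\/]{2})")


@dataclass
class Finding:
    entry: str
    targets: list = field(default_factory=list)  # where the entry would land
    flags: list = field(default_factory=list)


def split_ads(entry: str):
    """Split 'file.pdf:stream' into ('file.pdf', 'stream'), treating the
    colon of a drive-rooted name ("C:\\...") as the drive separator."""
    prefix, rest = "", entry
    if re.match(r"^[A-Za-z]:", entry):
        prefix, rest = entry[:2], entry[2:]
    if ":" in rest:
        base, stream = rest.split(":", 1)
        return prefix + base, stream
    return entry, None


def resolve(dest_root: str, relative: str) -> str:
    """Normalize relative against dest_root using Windows path rules."""
    return ntpath.normpath(ntpath.join(dest_root, relative))


def inside(dest_root: str, target: str) -> bool:
    """True only if target stays under dest_root after normalization."""
    try:
        common = ntpath.commonpath([dest_root, target])
    except ValueError:  # different drive, or absolute mixed with relative
        return False
    return common.lower() == dest_root.lower()


def triage_entry(entry: str, dest_root: str) -> Finding:
    dest_root = ntpath.normpath(dest_root)
    base, stream = split_ads(entry)
    flags = set()
    targets = [resolve(dest_root, base)]
    if _ABSOLUTE_RE.match(base):
        flags.add("absolute_path")
    if stream is not None:
        # Ordinary archives almost never carry streams, so this alone is a
        # review flag. A stream name containing separators is treated as a
        # path relative to the destination (a triage assumption).
        flags.add("ads")
        if re.search(r"[\\/]", stream):
            targets.append(resolve(dest_root, stream))
    for target in targets:
        if not inside(dest_root, target):
            flags.add("escapes_destination")
        if STARTUP_SUFFIX in target.lower():
            flags.add("targets_startup")
    return Finding(entry=entry, targets=targets, flags=sorted(flags))


def triage_archive(entries, dest_root: str) -> list:
    """Return only the findings that carry at least one flag."""
    return [f for f in (triage_entry(e, dest_root) for e in entries) if f.flags]


# Constructed sample listing for illustration (not from any real archive).
DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_ENTRIES = [
    r"Invoice_2025.pdf",                  # benign decoy document
    r"docs\readme.txt",                   # ordinary nested file
    r"notes.txt:Zone.Identifier",         # ADS without traversal: review only
    r"..\..\evil.dll",                    # classic traversal
    r"C:\Windows\Temp\x.exe",             # absolute path
    r"Invoice_2025.pdf:..\..\AppData\Roaming\Microsoft\Windows"
    r"\Start Menu\Programs\Startup\update.exe",  # ADS carrying a Startup drop
]

if __name__ == "__main__":
    for f in triage_archive(SAMPLE_ENTRIES, DEST):
        print(f"{f.entry!r}\n    flags={f.flags}\n    targets={f.targets}")
```

Run as a script it prints the four flagged entries from the constructed listing. An `ads` flag on its own only means the entry deserves a look, since WinRAR can legitimately store NTFS streams; `escapes_destination` and `targets_startup` are the conditions that match the abuse the article describes. The same `inside()` check is what a hardened extractor applies to every resolved target before opening the output file, so that an entry is refused no matter how its name is encoded.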


Targets Span Multiple Regions

Campaigns exploiting the flaw have been seen in Latin America, Asia, and Eastern Europe, with targets ranging from private businesses to official institutions. Researchers said the continued spread of these attacks underlines the risk posed by unpatched systems, particularly in environments where WinRAR is frequently used for file exchange.

The technique mirrors earlier exploitation of a WinRAR vulnerability disclosed in 2023, confirming concerns that known weaknesses remain attractive to attackers long after patches are available.

Patch Available, but Risk Remains

According to security experts, users and organizations running WinRAR versions older than 7.13 remain vulnerable. Many systems have not yet applied the fix, leaving them exposed to active exploitation despite public advisories and readily available updates.

Google has encouraged users to keep protections such as Safe Browsing and email attachment scanning enabled, because these defenses can help block files known to contain exploit code. Experts nevertheless caution that such measures are no substitute for timely software updates.

Urgent Demand for Updates

Cybersecurity experts are once again urging organizations to give patch management and frequent software updates top priority. Researchers observed that “attackers consistently exploit the gap between disclosure and patch adoption,” cautioning that delays can turn commonly used tools into efficient entry points for widespread compromise.

While investigations are ongoing, the alert serves as a reminder that even trusted, everyday software can pose a serious security risk if it is not patched.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
