
All news with #winrar tag

Wed, December 10, 2025

WinRAR Path Traversal CVE-2025-6218 Under Active Attack

⚠️ CISA has added WinRAR path traversal CVE-2025-6218 (CVSS 7.8) to its Known Exploited Vulnerabilities list after reports of active exploitation. RARLAB patched the Windows-only flaw in WinRAR 7.12 (June 2025); attackers can place files in sensitive locations such as the Startup folder or Word’s global template to achieve code execution. Multiple groups — including GOFFEE, Bitter (APT‑C‑08/Manlinghua), and Gamaredon — have used the bug in phishing campaigns; organizations should deploy 7.12 or apply mitigations like blocking malicious archives, disabling macros, and monitoring for C2 activity.


Tue, December 9, 2025

CISA Adds Two Vulnerabilities to Known-Exploited Catalog

🔒 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-6218 (WinRAR path traversal) and CVE-2025-62221 (Microsoft Windows use-after-free). The agency cited evidence of active exploitation and emphasized that these flaws are frequent attack vectors posing significant risk to the federal enterprise. CISA reiterated that BOD 22-01 requires FCEB agencies to remediate cataloged CVEs by the required due dates and urged all organizations to prioritize timely remediation.


Mon, August 11, 2025

WinRAR zero-day (CVE-2025-8088) used in RomCom attacks

🔒 ESET researchers uncovered a previously unknown WinRAR vulnerability, tracked as CVE-2025-8088, that is being actively exploited by the Russia-aligned actor RomCom in targeted spearphishing campaigns. The Windows path traversal flaw enables execution of arbitrary code when victims open crafted archives. Users should update to WinRAR 7.13 immediately and consult ESET's video and blog post for indicators and mitigation.


Mon, August 11, 2025

WinRAR zero-day (CVE-2025-8088) exploited by RomCom

🔒 ESET researchers disclosed a previously unknown WinRAR zero-day, CVE-2025-8088, actively exploited by the Russia-aligned group RomCom. The flaw is a path-traversal vulnerability that leverages NTFS alternate data streams (ADS) to conceal malicious files in RAR archives, which are silently deployed on extraction. Observed payloads included a Mythic agent, a SnipBot variant, and RustyClaw (MeltingClaw), targeting organizations in finance, manufacturing, defense and logistics. Users and vendors relying on WinRAR, UnRAR.dll or its source must update to the July 30, 2025 patched release immediately.
