WinRAR patch release

Security researchers warn of an actively exploited WinRAR zero-day tied to Paper Werewolf, with a fix in version 7.13.

WinRAR patches active zero day exploited against Russian firms

WinRAR has released version 7.13 to fix CVE-2025-8088, a high-severity path traversal flaw in the Windows edition that could allow arbitrary code execution when a crafted archive is opened. The vulnerability was under active exploitation and has been connected to operations against Russian firms in July 2025. Security researchers from ESET credited Anton Cherepanov, Peter Kosinar, and Peter Strycek with discovery and reporting.

BI.ZONE researchers link the Paper Werewolf threat group to CVE-2025-8088 and CVE-2025-6218, a Windows directory traversal flaw patched in June 2025. The attackers reportedly used booby-trapped archives with a decoy document to distract victims and deliver a .NET loader that collects system information and contacts a control server for additional payloads. The patch mitigates the flaws for affected users, but it is unclear how widely the exploits have spread in the wild. Separately, 7-Zip patched a low-severity arbitrary file write bug CVE-2025-55188, highlighting overlapping risks across common archiving tools.

The incident shows how widely adopted tools can become attack vectors. Patch velocity matters as much as patch availability, and many organizations struggle with timely updates. The linkage to a named threat group also underscores the cyber arms race between defenders and threat groups that reuse earlier flaws.

For businesses, this is a reminder to treat software updates as part of a routine risk management. Organizations should adopt defense in depth: enforce automatic updates where possible, verify patches, segment networks, back up data, train users on phishing and suspicious archives, and monitor for unusual file writes.

Highlights

As patches roll out, the basics of cyber hygiene stay essential.