PSA: it’s time to update WinRAR due to a big security vulnerability (new vulnerability 8/12/25)

Gemini



If you use WinRAR, it’s time to update to the latest version after a serious security vulnerability has been discovered that’s already in use by attackers. Google’s Threat Analysis Group (TAG) has found that multiple government-backed hacking groups have been exploiting the WinRAR vulnerability since early 2023.

“A patch is now available, but many users still seem to be vulnerable,” says TAG in a blog post detailing the WinRAR exploit. “TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.”

WinRAR versions 6.24 and 6.23 both include a fix for the security hole, but the app doesn’t update automatically, so you’ll have to manually download and install the patch. That’s right, it’s 2023, and one of the most popular Windows apps still doesn’t have an auto-update feature.

The WinRAR vulnerability allows attackers to execute arbitrary code when a Windows user opens something like a PNG file within a ZIP archive. TAG describes the security exploit as “a logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces.”


The exploit has also been used to target cryptocurrency trading accounts since April 2023. “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” says TAG. “These recent campaigns exploiting the WinRAR bug underscore the importance of patching and that there is still work to be done to make it easy for users to keep their software secure and up-to-date.”

This isn’t the first time a major WinRAR vulnerability has been discovered. In 2019, cybersecurity company Check Point Research discovered a 19-year-old code execution exploit that could give attackers full control over a victim’s computer.
You can download the latest WinRAR update right here, or, if you’re running Windows 11, you could simply use the native support for RAR or 7-zip files that was included in the latest OS update.
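A triage check based on the TAG description quoted in the post above, as an added example that is not part of the thread or the quoted article: it lists ZIP entries whose extension contains whitespace. The function names and the sample archive are constructed for illustration, and a hit is a reason to inspect the archive, not proof of an exploit attempt.

```python
import io
import sys
import zipfile


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Return entry names whose extension (text after the last dot) contains whitespace."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Directory entries end with "/"; compare on the last path component.
            leaf = info.filename.rstrip("/").rsplit("/", 1)[-1]
            if "." not in leaf:
                continue
            ext = leaf.rsplit(".", 1)[1]
            # Heuristic: "photo.png " or "doc.pdf .x" style names. Ordinary names
            # such as "v1.2 final" also match, so treat hits as leads to review.
            if any(ch.isspace() for ch in ext):
                flagged.append(info.filename)
    return flagged


def build_sample() -> bytes:
    """Constructed sample archive: two ordinary names and one with a trailing space."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"ok")
        zf.writestr("docs/photo.png ", b"constructed placeholder")
        zf.writestr("notes.tar.gz", b"ok")
    return buf.getvalue()


if __name__ == "__main__":
    # With no arguments, scan the constructed sample; otherwise scan the given files.
    if len(sys.argv) == 1:
        targets = [("constructed sample", build_sample())]
    else:
        targets = []
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                targets.append((path, fh.read()))
    for label, data in targets:
        try:
            hits = suspicious_entries(data)
        except zipfile.BadZipFile:
            print(f"{label}: not a readable ZIP archive")
            continue
        for name in hits:
            print(f"{label}: review entry {name!r}")
```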
 
Like mentioned above, this exploit has been out for a few months now. Most breaches happen from older unpatched applications / devices.
 
what's a free and safe alternative?
For years I used 7-zip but got back on winrar lately. I might have to go back to 7-zip.

 


A newly discovered WinRAR zero-day vulnerability is being actively exploited, according to ESET Security Researchers, who found the vulnerability. Tracked as CVE-2025-8088, the flaw has been linked to a Russian-aligned hacking group known as RomCom, which has a history of targeting governments, infrastructure, and non-governmental organizations.


Why you need to update manually

WinRAR doesn’t automatically update, so you’ll need to install the latest version yourself. The fix for this flaw arrived with version 7.13, and anyone running an older release is still at risk.

Updating is quick and straightforward, but it’s important to act now, as attackers are already exploiting the bug. Alongside CVE-2025-8088 and CVE-2025-31334, recent months have seen other archive-related vulnerabilities, including CVE-2025-6218, the latter two discovered in recent months.

Keeping WinRAR up to date not only protects you from these known flaws but also reduces the risk of falling victim to future vulnerabilities.
 