WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Summary

Two Russia-aligned cyber attack campaigns are actively exploiting a path traversal vulnerability in WinRAR (CVE-2025-8088) to target Ukrainian organizations. The flaw lets a crafted archive write files outside the directory the user chose for extraction, which is how the campaigns deliver their stealers. This exploitation is occurring nearly a year after patches for the flaw were made available, indicating persistent threats against Ukraine and a large population of unpatched installations.

IFF Assessment

FOE

The article details active exploitation of a vulnerability by threat actors, posing a direct risk to targeted organizations.

Severity

8.8 High

The vulnerability is a path traversal flaw that yields code execution when a victim opens or extracts a malicious archive. The article itself does not quote a CVSS score; the 8.8 rating above sits in the High range and fits the impact profile: user interaction is required (the victim must handle the archive), but once it is opened the attacker can write files to locations of their choosing, so the impact on confidentiality and integrity is high. Scoring conventions differ on the attack vector for file-format bugs (local, because the file is parsed on the host, versus network, because it arrives by email or download), which is why estimates in the 7.8 to 8.8 range all describe the same flaw.

CISA KEV: Listed as actively exploited. Federal patch due: September 02, 2025. Known ransomware use: Unknown.

Defender Context

This highlights the ongoing threat of exploiting known vulnerabilities, especially in the context of geopolitical conflicts. WinRAR has no automatic update mechanism, so a fixed version only reaches a host when someone installs it; defenders should inventory every WinRAR copy, including portable and per-user installs, and confirm each is at a patched version rather than assuming it. Endpoint detection and response (EDR) rules should flag archive tools writing outside the user's chosen extraction directory, and in particular into autostart locations such as per-user Startup folders, since that is the file operation this class of flaw abuses.
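The inventory and hunt the previous paragraph calls for, as an added PowerShell example that is not part of the original article and is not code from RARLAB. It assumes the fix for CVE-2025-8088 shipped in WinRAR 7.13 (set $FixedVersion from your vendor advisory if it differs), that installed copies are registered under the App Paths key or sit in the default Program Files folders, and that a file appearing in a per-user Startup folder within the last $Days days is worth a second look. Portable copies outside those locations must be found by other means, for example a filesystem search for WinRAR.exe.

```powershell
# Added example (not from the article or from RARLAB): inventory WinRAR on a
# Windows host, flag copies older than the fixed release, and list recent
# additions to per-user Startup folders as a quick persistence hunt.
# Assumption: the CVE-2025-8088 fix shipped in WinRAR 7.13.
$FixedVersion = [version]'7.13'

function Get-WinRarBinaries {
    # Candidate locations: the App Paths entry the installer writes, plus the
    # default install folders for 64- and 32-bit builds (assumed locations).
    $candidates = [System.Collections.Generic.List[string]]::new()
    $appPath = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe' -ErrorAction SilentlyContinue
    if ($appPath -and $appPath.'(default)') { $candidates.Add($appPath.'(default)') }
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root) { $candidates.Add((Join-Path $root 'WinRAR\WinRAR.exe')) }
    }

    $candidates | Sort-Object -Unique | Where-Object { Test-Path $_ } | ForEach-Object {
        # FileVersionRaw is the binary's version resource as a [version] object;
        # more reliable than parsing the DisplayVersion string in the Uninstall key.
        $ver = (Get-Item $_).VersionInfo.FileVersionRaw
        [pscustomobject]@{
            Path       = $_
            Version    = $ver
            Vulnerable = ($ver -lt $FixedVersion)
        }
    }
}

function Get-RecentStartupItems {
    param([int]$Days = 30)
    # Per-user Startup folders are a natural landing spot for a payload written
    # via archive path traversal; anything new there deserves review.
    $since = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path 'C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since } |
        Select-Object FullName, CreationTime, Length
}

# Usage: run elevated so every user profile and both registry views are readable.
Get-WinRarBinaries | Format-Table -AutoSize
Get-RecentStartupItems -Days 30 | Format-Table -AutoSize
```

The version comparison treats 7.13 and later as fixed and anything below as vulnerable; a copy that reports no version at all (corrupt or renamed binary) will not appear and should be investigated separately. Run the script through your endpoint management tooling to get a fleet-wide picture rather than a single host.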
