WinRAR exploit reportedly remains widely-used by China and Russia state actors despite patch — vulnerability allows malicious archives to deliver a hidden payload to Windows Startup folder
Despite a patch released in July 2025, a WinRAR exploit (CVE-2025-8088) continues to be utilized by state actors from China and Russia, allowing them to deliver hidden payloads to critical directories like the Windows Startup folder. The exploit takes advantage of a path traversal vulnerability in earlier WinRAR versions, enabling attackers to surreptitiously deliver malware when victims open malicious archives. Despite the availability of fast internet and cloud storage, archiving apps like WinRAR remain popular due to their ability to package files, encrypt data, and reduce file sizes. Users are advised to update WinRAR to the latest version (7.13) to mitigate the risk of falling victim to this exploit, which has targeted Ukrainian military units, government entities, and commercial organizations in various regions.