The Google Threat Intelligence Group (GTIG) has issued a formal warning regarding a high-severity vulnerability in WinRAR, identified as CVE-2025-8088. The flaw is being actively exploited by a wide range of threat actors, from common cybercriminals to sophisticated state-sponsored espionage groups.
The Vulnerability: Path Traversal Execution
The flaw affects WinRAR versions 7.12 and older. It is a path traversal vulnerability that allows attackers to force the application to extract malicious files into unauthorized locations on a user's system, such as the Windows Startup folder.
By simply opening a specially crafted archive file, a user unknowingly triggers the malware to embed itself within the system, allowing it to execute automatically upon the next reboot.
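As an added illustration (not code from GTIG or WinRAR), the following pre-extraction check resolves each archive entry name with Windows path rules and flags entries that would land outside the chosen destination or inside a Startup folder. The function names, destination path and sample entry names are constructed assumptions.

```python
import ntpath  # Windows path semantics on any host OS

# Both the per-user and all-users Startup folders end with this path.
STARTUP_SUFFIX = ntpath.normcase(r"Microsoft\Windows\Start Menu\Programs\Startup")


def resolve_entry(dest_dir, entry_name):
    """Return the normalized Windows path a naive extractor would write to."""
    # Archives may store either separator; Windows accepts both.
    name = entry_name.replace("/", "\\")
    # ntpath.join drops dest_dir when name is absolute or carries a drive.
    return ntpath.normpath(ntpath.join(dest_dir, name))


def classify_entry(dest_dir, entry_name):
    """List the reasons an entry is unsafe; an empty list means it is contained."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    findings = []
    if target != dest and not target.startswith(dest + "\\"):
        findings.append("escapes-destination")
    if STARTUP_SUFFIX in target:
        findings.append("startup-folder")
    return findings


def audit(dest_dir, entry_names):
    """Map each flagged entry name to its findings; safe entries are omitted."""
    flagged = {}
    for name in entry_names:
        findings = classify_entry(dest_dir, name)
        if findings:
            flagged[name] = findings
    return flagged


# Constructed sample data: a hypothetical destination and entry names.
DEST = r"C:\Users\alice\Downloads\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    r"docs\..\notes.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\example.lnk",
    r"C:\Windows\Temp\example.dll",
]

if __name__ == "__main__":
    for entry, reasons in audit(DEST, SAMPLE_ENTRIES).items():
        print(f"{entry!r}: {', '.join(reasons)}")
```

Comparing the resolved path rather than searching the raw name for `..` also catches absolute paths and sibling directories that merely share the destination's prefix.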
