WinRAR Breach


Overview

The WinRAR Breach campaign by Gamaredon exploits CVE-2025-8088, a path traversal vulnerability in WinRAR, to target government agencies. Phishing emails deliver malicious RAR archives containing a decoy PDF and a hidden HTA file; the HTA is silently written into the Windows Startup folder, so it executes at the next login or reboot and gives the attacker persistent access. This attack marks an advancement in Gamaredon’s phishing tactics, blending social engineering with technical exploitation to bypass security controls. By abusing a widely used tool like WinRAR, the group achieves stealthy persistence and data access, posing a serious threat to unpatched environments and highlighting the need for immediate patching and enhanced threat monitoring.

AFFECTED SYSTEMS

  • Software: WinRAR (versions vulnerable to CVE-2025-8088).
  • Operating System: Microsoft Windows (any version running an unpatched WinRAR build vulnerable to CVE-2025-8088).

TECHNICAL DETAILS

  • Phishing email delivers a weaponized RAR containing a decoy PDF and a hidden HTA to trick recipients into extracting/opening the archive.
  • The RAR is crafted with path-traversal entries…
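The defensive check that follows is an added example, not code from the report or from any vendor tool. It inspects archive entry names before extraction and flags the traits the report describes: names that climb out of the extraction directory with `..` or absolute/UNC prefixes, names that land in the user's Startup folder, and `.hta` payloads. The entry names in `SAMPLE_ENTRIES` are constructed for illustration and are not indicators taken from a real sample.

```python
import re
from typing import Iterable

# Constructed sample entry names modelled on the archive layout the report
# describes (decoy PDF plus a hidden HTA placed via path traversal).
# These are illustrative strings, not IoCs from a real archive.
SAMPLE_ENTRIES = [
    "Invoice.pdf",
    "docs/readme.txt",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.hta",
    "C:\\Users\\Public\\x.hta",
    "safe/../still_inside.txt",
    "\\\\server\\share\\evil.hta",
]

# Drive letter ("C:") or UNC prefix ("\\\\server" / "//server").
_DRIVE_OR_UNC = re.compile(r"^(?:[A-Za-z]:|[\\/]{2})")

# Case-insensitive marker for the per-user Startup folder, with separators normalised to '/'.
STARTUP_MARKER = "start menu/programs/startup"


def escapes_extraction_dir(name: str) -> bool:
    """Return True if the entry name would resolve outside the extraction directory.

    Both '/' and '\\' count as separators (archives built on Windows use '\\').
    Absolute paths (leading separator, drive letter or UNC prefix) are rejected,
    as is any '..' sequence that climbs above the extraction root. A '..' that
    stays inside the root (e.g. "a/../b") is allowed, matching a normalised path.
    """
    if _DRIVE_OR_UNC.match(name) or name.startswith(("/", "\\")):
        return True
    depth = 0
    for segment in re.split(r"[\\/]+", name):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def suspicious_reasons(name: str) -> list[str]:
    """List the reasons an entry name should block extraction or raise an alert."""
    reasons = []
    normalised = re.sub(r"[\\/]+", "/", name).lower()
    if escapes_extraction_dir(name):
        reasons.append("escapes extraction directory")
    if STARTUP_MARKER in normalised:
        reasons.append("targets Startup folder")
    if normalised.endswith(".hta"):
        reasons.append("HTA script payload")
    return reasons


def find_traversal_entries(names: Iterable[str]) -> list[str]:
    """Return the entry names that would be written outside the extraction directory."""
    return [n for n in names if escapes_extraction_dir(n)]


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        reasons = suspicious_reasons(entry)
        verdict = "BLOCK" if reasons else "ok"
        print(f"{verdict:5} {entry!r} {'; '.join(reasons)}")
```

The same name-normalisation logic applies to any archive format (ZIP, 7z, TAR) whose extractor honours relative paths; the point is to refuse the write before the extractor performs it, rather than to hunt for the dropped file afterwards.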
