cloud.google.com 2/25/2026, 4:01:08 PM · external

Google: WinRAR CVE-2025-8088 abused by state actors to persist

CyberSIXT Evidence Panel
Primary Source: win-rar.com
CISA KEV: Listed in KEV
Patch: Patch Available
Threat Actor: Government-backed actors linked to Russia and China, and financially motivated groups targeting Ukrainian entities and financial institutions

The Google Threat Intelligence Group reported on the active exploitation of the WinRAR vulnerability CVE-2025-8088, identified in July 2025. This path traversal vulnerability allows attackers, including state-sponsored actors from Russia and China, to establish access and deploy payloads by dropping malicious files into the Windows Startup folder. Both government-backed and financially motivated threat actors are leveraging the vulnerability, highlighting gaps in application security and user awareness.

Recommendations include keeping software updated and utilizing Google Safe Browsing. The report also details various exploit mechanisms and recent activities of actors exploiting this flaw, with specific focus on campaigns targeting Ukrainian entities and financial institutions. Important indicators of compromise (IOCs) for detection are provided to aid organizations in identifying malicious activities associated with this vulnerability.
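
The outcome described above, an archive member written outside the extraction directory and into a Startup folder, can be checked from member names alone before anything is extracted. The following is an added example, not code from Google's report or from WinRAR; the extraction directory and member names are constructed, and it tests only where a name would land, not how WinRAR parses archives.

```python
import ntpath  # Windows path rules, so the check also runs on non-Windows hosts

# Matches the per-user and the all-users Startup folder (compared in lowercase).
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

# Constructed sample data: a hypothetical extraction directory and member names.
DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_MEMBERS = [
    "invoice.pdf",
    "docs/readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\run.bat",
    r"..\notes.txt",
]

def landing_path(dest, member):
    """Path an extractor would write to if it joined the member name unchecked."""
    # ntpath.join drops dest when member is absolute or carries a drive letter.
    return ntpath.normpath(ntpath.join(dest, member.replace("/", "\\")))

def audit_member(dest, member):
    """Return the reasons a member name is unsafe; an empty list means clean."""
    root = ntpath.normcase(ntpath.normpath(dest)) + "\\"
    target = ntpath.normcase(landing_path(dest, member)) + "\\"
    reasons = []
    if not target.startswith(root):  # trailing "\" stops sibling-prefix matches
        reasons.append("escapes extraction directory")
    if STARTUP_MARKER in target:
        reasons.append("lands in a Startup folder")
    return reasons

def audit_archive(dest, members):
    """Map each unsafe member name to its reasons; clean members are omitted."""
    findings = {}
    for name in members:
        reasons = audit_member(dest, name)
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_archive(DEST, SAMPLE_MEMBERS).items():
        print(f"{name}: {', '.join(reasons)}")
```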


Article by CyberSIXT