WinRAR has issued version 7.13 to fix CVE-2025-8088, a high-severity zero-day vulnerability that was under active exploitation for several weeks. Security researchers at ESET detected the flaw on 18 July and privately alerted developer RARLAB six days later, prompting a patch that was released on 30 July. The vulnerability lets a specially crafted RAR archive write files outside the user-chosen extraction folder, including to Windows Startup and other autorun paths. Opening the archive can therefore install persistent backdoors without further user interaction, giving attackers remote code execution. ESET attributes the attacks to at least two Russia-linked cyber-crime groups: RomCom (also known as Storm-0978) and a second cluster tracked as Paper Werewolf. The groups distributed the booby-trapped archives through spear-phishing emails disguised as job-application or other business documents. WinRAR does not update automatically, so users must manually download version 7.13 to eliminate the risk. Older builds remain widely deployed—WinRAR claims about 500 million installations—leaving unpatched systems exposed until administrators and consumers install the new release.
Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings https://t.co/FiwgK4gtoI
By @UsamaJawad96 - Microsoft has released August 2025 Security Updates (SUs) for Exchange Server deployments, containing fixes for the recent, high-severity CVE-2025-53786 flaw. #Microsoft #ExchangeServer https://t.co/Dr6EcLSO0p
🚨 A concerning zero-day vulnerability in WinRAR (CVE-2025-8088) allows hackers to hijack your PC. Here's what you need to know about it (and how to fix it) 😤 https://t.co/r8ACR5dWy1