File-compression utility WinRAR has issued version 7.13 to close CVE-2025-8088, a high-severity zero-day vulnerability that security firm ESET says has been under active exploitation since mid-July by at least two Russia-linked hacking groups, RomCom and the outfit tracked as Paper Werewolf. The flaw allows a specially crafted RAR archive to bypass normal extraction paths and drop executables into Windows start-up directories, creating a persistent backdoor when a victim opens what appears to be a benign file. ESET reports the attackers delivered the booby-trapped archives through phishing emails masquerading as job-application documents aimed at financial, manufacturing, defence and logistics firms in Europe and Canada. WinRAR quietly shipped the fix on 30 July after receiving ESET's report on 18 July, but earlier versions, 7.12 and below, remain vulnerable and the program lacks an automatic update mechanism. Security researchers are urging the utility's hundreds of millions of users to download version 7.13 immediately to mitigate the risk of compromise.
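The behaviour described above suggests a defender-side check on archive listings: resolve each entry name against the intended extraction folder and flag any that would land outside it or inside a Windows Startup folder. The following is an added example, not code from ESET or WinRAR; the destination folder, user name and entry names are constructed sample data, and it inspects entry names only.

```python
import ntpath  # Windows path rules, usable on any OS

# Per-user and all-users Startup folders both end with this path suffix.
STARTUP_SUFFIX = "\\start menu\\programs\\startup\\"


def resolve_entry(dest_dir: str, entry_name: str) -> str:
    """Path an extractor would write to if it trusted the entry name as-is."""
    return ntpath.normpath(ntpath.join(dest_dir, entry_name.replace("/", "\\")))


def classify_entry(dest_dir: str, entry_name: str) -> list[str]:
    """Return the reasons an entry is suspicious (empty list = looks fine)."""
    root = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\") + "\\"
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    reasons = []
    if not (target + "\\").startswith(root):
        reasons.append("escapes-destination")
    if STARTUP_SUFFIX in target + "\\":
        reasons.append("startup-folder")
    return reasons


def triage(dest_dir: str, entry_names: list[str]) -> dict[str, list[str]]:
    """Map each flagged entry name to its reasons; clean entries are omitted."""
    flagged = {}
    for name in entry_names:
        reasons = classify_entry(dest_dir, name)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: names as they might appear in an archive listing.
DEST = r"C:\Users\alice\Downloads\cv"
SAMPLE_ENTRIES = [
    "cv/resume.pdf",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\helper.lnk",
    "cv/../notes.txt",
]

if __name__ == "__main__":
    for name, reasons in triage(DEST, SAMPLE_ENTRIES).items():
        print(f"{', '.join(reasons):40} {name}")
```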
A WinRAR zero-day vulnerability was exploited in the wild by the Russia-linked RomCom threat group, @ESET reported. #cybersecurity #infosec #ITsecurity https://t.co/Rl9UsWGMbN
Microsoft's Patch Tuesday: 100+ Updates Including Azure OpenAI Service, Memory Corruption Flaw https://t.co/L6pdpzedBT #technology #technews https://t.co/a8tf9rvfCr
Patch Now: Attackers Target OT Networks via Critical RCE Flaw: https://t.co/k6E5r2uQah by darkreading #infosec #cybersecurity #technology #news