For decades, WinRAR has been the go-to software for opening and creating RAR files. Even though Windows 11 now natively supports the RAR format — removing the need for most people to install third-party archiving tools — millions of users worldwide still rely on WinRAR, often out of habit or for its extra features. But if you're one of them, you'll want to pay attention: a recently discovered security flaw is being actively exploited, and it could allow hackers to run malware on your PC as soon as Windows starts.

How the Vulnerability Works

The flaw, identified as CVE-2025-8088, was discovered by ESET researchers Anton Cherepanov, Peter Košinár, and Peter Strýček. It's not just a theoretical risk — it's already being used by malicious actors in real-world attacks.

Here's how it works: when you extract files from a RAR archive, you choose the folder they go into. This flaw is a path traversal: a specially crafted archive can carry file names that WinRAR honours instead of the folder you specified. The extraction dialog still appears, but for those entries the destination you entered is not the one that gets used, so the contents are silently written somewhere else, including sensitive system folders, with no further prompt or warning.

One of the most dangerous targets for this trick is the Windows Startup folder. The per-user copy lives inside the user's own profile (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup), so writing into it needs no administrator rights, and anything placed there is launched automatically the next time that user logs on, whether after a full shutdown or just a restart. That lets an attacker make sure their malicious program runs every single time you sign in to the computer.
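To make the mechanism concrete, here is an added example (mine, not code from the article, ESET or RARLAB) that resolves archive entry names the way a naive extractor would, shows which ones escape the folder the user chose, and applies the acceptance test a hardened extractor should use. The destination folder, the Startup path and the entry names are constructed sample data; the check is purely lexical, so it runs on any platform and never touches the filesystem.

```python
from pathlib import PureWindowsPath

# Constructed sample data (not from the article): the folder the user picked in the
# extraction dialog, and the per-user Startup folder of the same account.
USER_DEST = r"C:\Users\alice\Downloads\invoice"
STARTUP = r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"

# Constructed archive entry names: two harmless, three that must never be honoured.
SAMPLE_ENTRIES = [
    "invoice.pdf",
    "docs/readme.txt",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
    r"C:\Windows\Temp\dropper.exe",
    r"notes.txt:payload.exe",
]


def resolve_entry(dest: str, name: str) -> str:
    """Where a naive extractor would write `name` when the user chose `dest`.

    Purely lexical resolution of Windows path syntax (no filesystem access).
    An absolute or drive-qualified name replaces `dest` entirely; each '..'
    component climbs one level out of it.
    """
    entry = PureWindowsPath(name)
    if entry.drive or entry.root:
        return str(entry)                      # the archive, not the user, picks the folder
    parts = list(PureWindowsPath(dest).parts)  # e.g. ['C:\\', 'Users', 'alice', ...]
    for part in entry.parts:
        if part == "..":
            if len(parts) > 1:                 # never climb above the drive root
                parts.pop()
        elif part not in (".", ""):
            parts.append(part)
    return str(PureWindowsPath(*parts))


def lands_in_startup(dest: str, name: str) -> bool:
    """True if the entry would be dropped directly into the Startup folder."""
    return PureWindowsPath(resolve_entry(dest, name)).parent == PureWindowsPath(STARTUP)


def is_safe(dest: str, name: str) -> bool:
    """Hardened acceptance test: the name must be relative, contain no '..' component,
    carry no ':' (NTFS alternate-data-stream syntax, which a plain file name never
    needs) and resolve strictly inside `dest`."""
    entry = PureWindowsPath(name)
    if not name or entry.drive or entry.root or ".." in entry.parts or ":" in name:
        return False
    target = PureWindowsPath(resolve_entry(dest, name))
    return PureWindowsPath(dest) in target.parents


def triage(dest: str, names: list[str]) -> dict[str, tuple[str, str]]:
    """Map each entry name to ('ok' | 'blocked', path it would land on)."""
    return {n: ("ok" if is_safe(dest, n) else "blocked", resolve_entry(dest, n)) for n in names}


if __name__ == "__main__":
    for name, (verdict, landing) in triage(USER_DEST, SAMPLE_ENTRIES).items():
        flag = "  <- Startup folder!" if lands_in_startup(USER_DEST, name) else ""
        print(f"{verdict:7} {name!r}\n        -> {landing}{flag}")
```

Running it shows the traversal entry landing in `...\Programs\Startup\updater.exe` even though the user chose `Downloads\invoice`, while the absolute and stream-style names are rejected outright. The rule that matters is the last line of `is_safe`: decide on the resolved path, not on the name as written.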

Why It's a Serious Threat

Startup-based attacks are particularly dangerous because they give malware persistence. Killing the running process, or deleting whatever it later installed elsewhere, is not enough: the dropped file is still sitting in the Startup folder and will be launched again at the next logon, so cleanup has to include removing it from there. This could allow attackers to log keystrokes, steal passwords, encrypt files for ransom, or use your PC as part of a botnet, all without you immediately realising something is wrong.

Adding to the risk, this vulnerability affects not only WinRAR for Windows but also the Windows versions of the RAR command-line tool, UnRAR and the UnRAR.dll library, along with the portable UnRAR source code. So even if you don't use WinRAR directly, other software that bundles UnRAR.dll to open RAR archives can be affected until its vendor ships an updated build. Fortunately, ESET confirmed that Android and Unix versions remain unaffected.

The Fix Is Available — But Not Automatic

RARLAB, the developers behind WinRAR, have already released a patch. The fix comes in WinRAR 7.13 Final, which was made available on 30 July 2025. The problem is that WinRAR has no automatic update mechanism and does not notify you of new releases, so many users could remain vulnerable for months, or even years, if they don't manually download and install the new version from the official website.

To update, you'll need to:

To see which version you have, open WinRAR and go to Help > About WinRAR. If you're still running a version older than 7.13, you should treat this as urgent.
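For anyone who would rather check a machine than a dialog, here is an added example (mine, not from the article or RARLAB) in Python 3 that does both of the things this page asks for: it reads the installed WinRAR version from the Windows Uninstall registry keys and flags anything below 7.13, and it lists the per-user and all-users Startup folders, the persistence location described earlier, so unexpected entries stand out. The 7.13 threshold comes from the article; the registry and Startup paths are standard Windows locations. The registry and folder lookups only do anything on Windows; the version comparison itself runs anywhere.

```python
import os
import re
import sys

PATCHED = (7, 13)  # WinRAR 7.13 is the first release that fixes CVE-2025-8088


def parse_version(text: str) -> tuple[int, ...]:
    """Turn strings such as '7.12', '7.13.0' or '7.01 beta 2' into a comparable tuple.
    Only the leading numeric components count; any beta tag is ignored here."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.group(0).split("."))


def needs_update(version: str) -> bool:
    """True if this WinRAR version predates the 7.13 fix."""
    return parse_version(version) < PATCHED


def installed_winrar_versions() -> list[tuple[str, str]]:
    """Read every WinRAR entry from the Windows uninstall registry keys.
    Returns [(display_name, display_version), ...]; empty on non-Windows systems."""
    if sys.platform != "win32":
        return []
    import winreg  # Windows-only module, imported lazily so the rest runs anywhere
    roots = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    found = []
    for hive, path in roots:
        try:
            with winreg.OpenKey(hive, path) as key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                        try:
                            name = winreg.QueryValueEx(sub, "DisplayName")[0]
                            ver = winreg.QueryValueEx(sub, "DisplayVersion")[0]
                        except FileNotFoundError:
                            continue  # uninstall entry without a name or version
                        if "winrar" in name.lower():
                            found.append((name, ver))
        except FileNotFoundError:
            continue  # this hive/path does not exist on this machine
    return found


def startup_folder_entries() -> dict[str, list[str]]:
    """List what auto-runs at logon: the per-user and all-users Startup folders.
    Anything here that you did not put there yourself deserves a close look."""
    folders = {
        "per-user": os.path.expandvars(r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"),
        "all-users": os.path.expandvars(r"%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp"),
    }
    return {label: sorted(os.listdir(p)) if os.path.isdir(p) else [] for label, p in folders.items()}


if __name__ == "__main__":
    installs = installed_winrar_versions()
    if not installs:
        print("No WinRAR install found in the registry (or not running on Windows).")
    for name, ver in installs:
        status = "VULNERABLE - update now" if needs_update(ver) else "patched"
        print(f"{name}: {ver} -> {status}")
    for label, entries in startup_folder_entries().items():
        print(f"Startup folder ({label}): {entries or 'empty'}")
```

Note that this only covers WinRAR itself; a third-party program that ships its own UnRAR.dll will not appear under the Uninstall keys with a WinRAR name, so that copy has to be checked separately.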

How to Protect Yourself in the Meantime

Until you're certain you've updated, treat unknown RAR archives with extreme caution, especially if they come from untrusted sources: extracting a malicious archive is all it takes, and no further action on your part is needed. Avoid opening attachments from suspicious emails, and don't download compressed files from random websites. If you no longer need WinRAR at all, uninstalling it removes the exposure entirely (Windows 11 can open RAR files on its own), and the same applies to stale copies of the RAR or UnRAR command-line tools. Running a reputable antivirus program can also help detect and block known malware before it runs.

Final Thoughts

WinRAR has been a household name for decades, but this incident is a reminder that even long-standing, trusted software can have vulnerabilities. In an age where cybercriminals are becoming more creative, the simplest safety measure you can take is to keep your software updated.

If you've been holding onto an old version of WinRAR "because it still works fine," now is the time to break that habit. A few minutes spent updating could save you hours — or even days — of recovery if your system is compromised.