WinRAR path traversal zero-day (CVE-2025-8088) exploited to deploy malware
Scope: WinRAR (archive utility)
Severity: Red
A path traversal flaw allowed archives to write files to attacker-chosen paths; exploited in phishing to install RomCom malware. Upgrade to WinRAR 7.13+ and block untrusted archives. .
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.