CTI Swarm
THREAT INTELLIGENCE

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

Strategic Summary

Multiple threat actors (including state-sponsored groups) are actively weaponizing WinRAR vulnerabilities against manufacturing and engineering sectors; immediate patching critical for supply-chain security.

Full Text

Title: Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

URL Source: https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability/

Published Time: 2026-01-27


[… 17,200 characters — next zone: keyword-dense paragraphs …]


The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability [CVE-2025-8088](https://nvd.nist.gov/vuln/detail/CVE-2025-8088) in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse payloads. The flaw was discovered and patched in July 2025, yet government-backed threat actors linked to Russia and China, as well as financially motivated threat actors, continue to exploit this n-day across disparate operations. The consistent exploitation method, a path traversal flaw that allows files to be dropped into the Windows Startup folder for persistence, underscores a defensive gap in fundamental application security and user awareness.
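The exploitation method described above relies on archive entries that resolve outside the directory the user chose to extract into. As an added illustration of the corresponding defensive check (example code written for this page, not code from the GTIG post or from WinRAR), the following script audits a list of archive member names before extraction and flags entries that would escape the destination directory, use an absolute path, or land in a Windows Startup folder. The member names in `SAMPLE_LISTING` are constructed for the example and are not taken from any real archive.

```python
"""Pre-extraction audit of archive member names.

Added example, not part of the original post. It works on the member
names an archive listing tool reports (RAR, ZIP, 7z all expose these)
and does not depend on any particular archive library. The names in
SAMPLE_LISTING are constructed for illustration.
"""
import ntpath

# Windows Startup folder fragment shared by the per-user path
# (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup) and the
# all-users path under ProgramData; matched case-insensitively.
STARTUP_MARKER = "start menu\\programs\\startup"

# Constructed sample listing: benign entries plus the two patterns a
# defender cares about (traversal into Startup, absolute path).
SAMPLE_LISTING = [
    "report.pdf",
    "images/figure1.png",
    "docs/../readme.txt",
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/dropped.exe",
    "C:/Users/Public/notes.txt",
]


def classify(name: str) -> list[str]:
    """Return the list of findings for one archive member name.

    An empty list means the name stays inside the extraction directory
    and does not point at a Startup folder.
    """
    findings = []
    # Archives may store either separator; normalise to Windows style
    # because the extraction target on the affected platform is Windows.
    win = name.replace("/", "\\")

    # Absolute paths (drive letter, UNC prefix, or leading separator)
    # ignore the chosen extraction directory entirely.
    drive, _ = ntpath.splitdrive(win)
    if drive or win.startswith("\\"):
        findings.append("absolute path")

    # Walk the components and track depth relative to the extraction
    # root; the first time ".." would go above the root, the entry
    # escapes. "docs/../readme.txt" is fine, "../x" is not.
    depth = 0
    for part in win.split("\\"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                findings.append("parent traversal escapes destination")
                break
        else:
            depth += 1

    if STARTUP_MARKER in win.lower():
        findings.append("targets Startup folder")
    return findings


def audit(names: list[str]) -> dict[str, list[str]]:
    """Map each flagged member name to its findings; clean names are omitted."""
    return {n: f for n in names if (f := classify(n))}


def is_safe_listing(names: list[str]) -> bool:
    """True when no member name in the listing produces a finding."""
    return not audit(names)


if __name__ == "__main__":
    for entry, reasons in audit(SAMPLE_LISTING).items():
        print(f"{entry!r}: {', '.join(reasons)}")
    print("safe to extract:", is_safe_listing(SAMPLE_LISTING))
```

The check only sees what a plain name listing exposes, so it is a first gate rather than a replacement for patching: an archive-format-specific parser is still needed to inspect any format features that do not surface in member names.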

The widespread and opportunistic exploitation of CVE-2025-8088 by a wide range of threat actors underscores its proven reliability as a commodity initial access vector. It also serves as a stark reminder of the enduring danger posed by n-day vulnerabilities. When a reliable proof of concept for a critical flaw enters the cyber criminal and espionage marketplace, adoption is instantaneous, blurring the line between sophisticated government-backed operations […]

[… 16,396 characters — next zone: tail …]
