Improper validation of file paths using Windows Alternate Data Streams (ADS) . This flaw allows an archive to silently drop malicious files into sensitive system directories, such as the Windows Startup folder, during the extraction of seemingly harmless files. Attack Chain
Path Traversal / Remote Code Execution (RCE). Affected Software: WinRAR versions prior to 7.13 . 52859.rar
WinRAR vulnerability exploited by two different groups - Malwarebytes Improper validation of file paths using Windows Alternate
The provided file name refers to a known proof-of-concept (PoC) exploit or malicious archive associated with a high-severity WinRAR Path Traversal vulnerability (tracked as CVE-2025-8088 ). This specific vulnerability was actively exploited in the wild by threat actors like the Russia-aligned group RomCom to target defense and financial sectors. Technical Write-up such as the Windows Startup folder