Summary

  • WinRAR's 'trial forever' meme masks many users running outdated, vulnerable versions of the app.
  • CVE-2025-8088 lets attackers hide malware in archives that install payloads to the startup app folder.
  • The exploit was patched in April 2025, but it still runs rampant due to nobody updating WinRAR.

Out of all the apps on the internet that offer free trials, I don't think I've seen as many memes for a specific one as I have for WinRAR. It's a shame, because WinRAR is one of the only apps I know that acts on the honor system. You can still use WinRAR once your trial is over, but the 'right thing to do' is to pay for a license, even if nobody actually does. Either that, or move to 7-Zip.

Well, it seems the importance of keeping your apps supported has reared its head, as cyber criminals are exploiting a bug buried within WinRAR. The weird part is, the bug was fixed back in mid-2025, but because nobody pays attention to the window that pops up with WinRAR, the exploit continues to be abused to this day.

A WinRAR exploit patched in April 2025 is still rampant today

Maybe give your copy of WinRAR an update

As spotted by Tom's Hardware, there was a bug in older versions of WinRAR that allowed cyber criminals to run malicious code on people's computers. Named CVE-2025-8088 by the National Institute of Standards and Technology, the exploit allows bad agents to hide malicious payloads within archives. When someone uses an older version of WinRAR to extract the data within, the malware is delivered into a system-critical folder. This can include the "Startup Programs" folder, so the malware fires every time the user boots up their PC.

I say "older version" because this exploit has long been fixed in an update that was released in April 2025. However, because you have to update WinRAR manually, many people have yet to grab the latest version. RARLAB has added a notification to the bottom of the startup window telling people to update, but unfortunately, it's the same window that nags people for not purchasing a WinRAR license, so people close it as soon as it appears. As such, people are still successfully exploiting CVE-2025-8088 to this day.

If you don't remember when you downloaded your copy, head over to the WinRAR website and grab the 7.13 update. Once it's downloaded and installed, you should be good to go. And maybe consider throwing RARLAB some money, because honestly, I think they deserve it as one of the few retro Windows apps that have survived to this day.