The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added new Microsoft and WinRAR vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. This update, issued on August 12, 2025, is significant for defenders tasked with maintaining vulnerability management and rapid response.
Details of the Newly Added Vulnerabilities
- CVE-2013-3893 — Microsoft Internet Explorer (Resource Management Errors, mshtml use-after-free).
- CVE-2007-0671 — Microsoft Office Excel (Remote Code Execution from malformed record).
- CVE-2025-8088 — WinRAR (RARLAB Path Traversal allowing arbitrary file placement/execution).
These vulnerabilities are recognized attack vectors that adversaries have exploited in active campaigns, prompting their addition to the KEV catalog to enforce and accelerate remediation timelines—especially for the federal sector. CISA requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities according to set deadlines (in this case, by September 2, 2025). While the directive is mandatory for federal agencies, CISA strongly urges all organizations to prioritize and remediate these vulnerabilities to reduce exposure to cyber threats.
WinRAR Path Traversal (CVE-2025-8088)
- Nature: A newly-publicized path traversal/alternate-data-stream (ADS) flaw discovered by ESET researchers in July 2025. Malicious RAR archives can place files into sensitive locations during extraction (e.g., autorun paths), allowing persistence and payload execution.
- Mitigation: Update to WinRAR 7.13 or later. WinRAR lacks an auto-update mechanism, so manual patching across systems is necessary. Organizations should inventory affected endpoints, update dependent libraries (UnRAR.dll), and apply sandboxing and EDR monitoring for suspicious behaviors.
Microsoft Vulnerabilities
- Scope: Legacy flaws in Internet Explorer and Office Excel are being exploited again, underlining the risks of maintaining outdated software in enterprise environments.
- Mitigation: Ensure all systems are fully patched with the latest security updates from Microsoft. Where patching is not possible, isolate affected components and employ strong network segmentation and monitoring.
Key Takeaways for Security Teams
- Treat KEV-listed vulnerabilities as immediate priorities in your vulnerability management workflow.
- Maintain a precise software inventory to quickly identify affected components (especially legacy dependencies).
- Automate patch management processes to handle both manual and automated updates, as with WinRAR’s manual-only patching.
- Use layered defenses: sandbox suspicious archives, restrict user permissions, enable EDR detection, and monitor for abnormal behaviors.
- Document mitigation steps to ensure compliance and internal SLAs, particularly for organizations governed by BOD 22-01.
CISA’s KEV catalog provides the concrete benefit of focusing operational resources on vulnerabilities with demonstrated exploitation, helping organizations to reduce real-world risk rather than hypothetically severe but less likely threats.
For continued efficacy, actively monitor the KEV catalog and promptly remediate entries to keep your organization aligned with both regulatory standards and industry best practices.
