Exploitation of vulnerabilities for which patches already exist. A preventable threat looming over businesses

Exploiting vulnerabilities for which a patch already exists can lead to security incidents that could be prevented with efficient vulnerability management.
A few weeks ago, cybersecurity experts warned that advanced persistent threat groups were exploiting a critical vulnerability in WinRAR, the iconic application that allows users to compress and decompress files and is installed on millions of personal and business computers.
Is this a zero-day vulnerability? No. This vulnerability (CVE-2025-8088) was discovered in the summer of 2025, and to address it, a new version of WinRAR, 7.13, was released. Even so, malicious actors continue to use it to attack corporate systems.
The exploitation of vulnerabilities for which a patch already exists is a constant in the cybersecurity landscape, stemming from ineffective vulnerability management and a lack of control over companies’ digital assets.
What risks do companies face if they fail to mitigate vulnerabilities in the software and hardware they use? How can the exploitation of vulnerabilities for which a patch already exists be prevented? We address these questions below.
The WinRAR Case: To fix the vulnerability, you must re-download and reinstall the program
What is the vulnerability affecting Windows versions of WinRAR prior to 7.13? It is a path traversal vulnerability, one of the most dangerous software weaknesses, according to CISA and MITRE.
This vulnerability allows malicious actors to execute arbitrary code via malicious RAR files. Once the victim downloads a malicious file and extracts it using WinRAR, their computer is compromised. The next time the victim logs in to the computer, the attackers can execute code remotely and infect it with malware to steal vast amounts of information.
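The check an extraction routine needs in order to avoid this class of weakness, as an added example (not WinRAR's code and not part of the original article): each member name is resolved against the destination folder and rejected if it would land outside it. The destination `C:\extract` and the member names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

DEST = r"C:\extract"  # assumed destination folder


def is_safe_member(name: str, dest: str = DEST) -> bool:
    """True only if extracting `name` under `dest` stays inside `dest`."""
    norm = name.replace("/", "\\")  # Windows accepts both separators
    drive, _ = ntpath.splitdrive(norm)
    if drive or norm.startswith("\\"):
        return False  # drive letter, UNC share or rooted path
    base = ntpath.normpath(dest)
    target = ntpath.normpath(ntpath.join(base, norm))
    # Compare with a trailing separator so C:\extract2 does not pass
    # as a child of C:\extract; Windows paths are case-insensitive.
    return target.lower().startswith(base.lower() + "\\")


def rejected_members(names, dest: str = DEST):
    """Names that must not be written to disk."""
    return [n for n in names if not is_safe_member(n, dest)]


# Constructed member list, as an archive listing might return it.
SAMPLE = [
    "docs/report.pdf",
    "docs/../notes.txt",
    "..\\..\\Users\\Public\\file.txt",
    "docs/../../file.txt",
    "..\\extract2\\file.txt",
    "C:\\Windows\\file.txt",
    "\\\\server\\share\\file.txt",
]

if __name__ == "__main__":
    for name in rejected_members(SAMPLE):
        print("rejected:", name)
```

A `..` component is not rejected on sight: `docs/../notes.txt` still resolves inside the destination, so the decision is made on the resolved path rather than on the raw string.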
Who is behind the active exploitation of this vulnerability? Google Threat Intelligence has identified advanced persistent threat groups linked to Russia or China that are seeking to conduct cyber espionage, as well as criminal groups whose goal is financial gain.
Why, six months after a patch was released, is this vulnerability still being actively exploited in enterprise environments?
WinRAR does not have an automatic update feature. As a result, the fix was not delivered as a security update; instead, a new version of the program was released with the vulnerability fixed. This means that individuals and businesses have had to download the program again. What has happened? Many organizations have not done so, leaving them vulnerable to exploitation.
Small and medium-sized enterprises are highly vulnerable to the exploitation of vulnerabilities for which a patch already exists
When addressing the problem of exploiting vulnerabilities for which a patch already exists, we must bear in mind that the entire business ecosystem is at risk. However, the risk is even greater for small and medium-sized enterprises. Why?
Large companies have been investing in cybersecurity for decades and implementing technical and organizational policies and mechanisms to detect, manage, and mitigate vulnerabilities in their digital assets.
However, for SMEs, cybersecurity has not been a priority. As a result, many organizations do not:
- Maintain an inventory of all the software and devices they use.
- Conduct regular security audits to identify weaknesses in their technology infrastructure.
- Have a vulnerability management service in place to address vulnerabilities, prioritizing them by severity.
- Have policies in place requiring that all security updates released by the manufacturers of the hardware and software they use be installed immediately.
- Apply basic cybersecurity principles and best practices, such as network segmentation, the principle of least privilege, and the management of employee accounts in corporate software.
- Train their staff to avoid being tricked into downloading suspicious files or applications onto their devices.
These factors result in a high level of exposure to the exploitation of vulnerabilities for which patches already exist.
The use of personal devices for work increases the risk of exploitation of vulnerabilities for which a patch already exists
One factor that facilitates the exploitation of vulnerabilities for which a patch already exists in corporate environments is the use of personal devices, such as mobile phones or computers, to access corporate software and perform work-related tasks.
Why? In many companies, there is no oversight whatsoever over the personal devices used for work. As a result, malicious actors can exploit vulnerabilities in widely used applications such as WinRAR to infect these devices and gain access to programs and information critical to the company.
Added to this is the fact that a large portion of the workforce has limited training in cybersecurity, which can result in employees:
- Falling victim to attacks that use social engineering techniques.
- Failing to implement basic security measures, such as updating web or mobile applications and their devices’ operating systems as quickly as possible to prevent the exploitation of vulnerabilities for which patches already exist.

Exploiting vulnerabilities for which patches already exist can lead to serious consequences that are entirely preventable
What are the potential consequences of exploiting vulnerabilities for which patches already exist? If attackers manage to infiltrate and infect their victims’ devices, they can gain remote access to them and:
- Gain access to a large amount of business data.
- Steal login credentials and session cookies to access corporate software.
- Take screenshots.
- Obtain financial data.
- Gain access to highly valuable confidential information such as customer lists, intellectual property, or financial data.
- Spy on the employee and their company for months, remaining undetected and even moving laterally across corporate systems.
We are therefore talking about extremely serious consequences that companies must prevent to avoid security incidents with severe economic and legal repercussions.
Vulnerability management is a central component of any cybersecurity strategy
What does all of this demonstrate? Vulnerability management plays a critical role in ensuring an adequate level of security within a company.
In fact, as we noted at the beginning of this article, the exploitation of vulnerabilities for which a patch already exists is a direct consequence of poor vulnerability management.
The importance of this cybersecurity service to a company’s defensive structure is enormous. It should therefore come as no surprise that regulations such as the NIS2 Directive require organizations operating in critical sectors to effectively manage the vulnerabilities present in their infrastructure.
Beyond its relevance in critical sectors such as finance, healthcare, and energy, vulnerability management is a key tool in any security strategy to address vulnerabilities discovered daily.
Thus, vulnerability management services are responsible for:
- Compiling an inventory of assets, classifying them, and identifying the individuals responsible for the security of each asset.
- Continuously monitoring the security status of assets, taking into account emerging vulnerabilities.
- Prioritizing the remediation of identified vulnerabilities based on parameters such as the likelihood of short-term exploitation and the potential impact on the company’s business model.
- Designing action plans to facilitate vulnerability mitigation.
- Reducing the time required to detect new vulnerabilities and mitigate those found in the technology infrastructure.
- Verifying that mitigation efforts were carried out correctly.
- Ensuring compliance with vulnerability management regulations.
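A small version of the inventory, monitoring and prioritization steps above, applied to the WinRAR case, as an added example that is not part of the original article. The inventory rows, host names and the ordering rule (confirmed vulnerable first, personal devices before corporate ones) are assumptions made for illustration; only the fixed version 7.13 comes from the article.

```python
import csv
import io

# First fixed version per tracked product (7.13 is from the article).
FIXED = {"winrar": (7, 13)}

# Constructed inventory export: one row per installed product.
INVENTORY_CSV = """host,owner,product,version
fin-ws-01,corporate,WinRAR,7.12
dev-ws-07,corporate,WinRAR,7.13
mkt-ws-05,corporate,WinRAR,7.13.0
sales-lt-03,personal,WinRAR,6.24
hr-ws-02,corporate,WinRAR,
ops-ws-04,corporate,ExampleEditor,2.0
"""


def parse_version(text):
    """'7.13.0' -> (7, 13, 0); None when the value is missing or malformed."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None


def audit(inventory_csv, fixed=FIXED):
    """Return installs that are below the fixed version or unverifiable."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = fixed.get(row["product"].strip().lower())
        if minimum is None:
            continue  # product not tracked in FIXED
        version = parse_version(row["version"])
        if version is None:
            status = "unknown"  # cannot prove the patch is installed
        elif version < minimum:
            status = "vulnerable"
        else:
            continue  # at or above the fixed version
        findings.append({"host": row["host"], "owner": row["owner"],
                         "version": row["version"], "status": status})
    # Assumed ordering: confirmed vulnerable first, personal devices first.
    findings.sort(key=lambda f: (f["status"] != "vulnerable",
                                 f["owner"] != "personal", f["host"]))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV):
        print(finding)
```

Rows with a missing version are reported rather than skipped, because an install whose version cannot be read has not been verified as patched.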
Ultimately, the exploitation of vulnerabilities for which a patch already exists should be rare. However, poor vulnerability management can leave companies exposed to weaknesses for which mitigation methods already exist.