CVE-2025-8088 is a critical directory traversal vulnerability in WinRAR (CVSS 9.5, EPSS 99.7th percentile) enabling arbitrary file writes during archive extraction. Russian state-sponsored group Turla is actively deploying the STOCKSTAY .NET backdoor via this vulnerability against Ukrainian government and military targets, and the same CVE is concurrently weaponized by Sandworm, Gamaredon, and RomCom. Any Windows environment running unpatched WinRAR is at direct risk of state-level persistent compromise.