A Windows-only extraction flaw tracked as CVE-2025-8088 shows how a routine compression utility can be twisted into a file-placement weapon inside a phishing or archive-delivery chain.