Known Exploited Vulnerability
8.8
HIGH CVSS 3.1
CVE-2025-8088
RARLAB WinRAR Path Traversal Vulnerability - [Actively Exploited]
Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

INFO

Published Date: Aug. 8, 2025, 12:15 p.m.

Last Modified: Oct. 30, 2025, 3:50 p.m.

Remotely Exploitable: Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description: RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088

Affected Products

The following products are affected by the CVE-2025-8088 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID | Vendor | Product
1 | Microsoft | windows
1 | Rarlab | winrar
1 | Dtsearch | dtsearch
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
CVSS 4.0 HIGH [email protected]
Solution
Update WinRAR to the latest version to fix the path traversal vulnerability.
  • Update WinRAR to the latest version available.
  • Avoid opening archives from untrusted sources.
Public PoC/Exploit Available at Github

CVE-2025-8088 has 51 public PoCs/exploits available on GitHub.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-8088 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-8088 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept published on GitHub (sorted by most recently updated).

None

Python

Updated: 3 days, 22 hours ago
0 stars, 0 forks, 0 watchers
Created: Oct. 29, 2025, 1:21 a.m. This repo is linked to 3 different CVEs.

Task 3: Perform a Basic Vulnerability Scan on Your PC

Updated: 1 week ago
0 stars, 0 forks, 0 watchers
Created: Oct. 25, 2025, 9:30 a.m. This repo is linked to 3 different CVEs.

path traversal tool based on cve 2025 8088 vulnerability

cve-2025-8088

Python

Updated: 6 days, 8 hours ago
31 stars, 11 forks, 11 watchers
Created: Oct. 23, 2025, 6:03 p.m. This repo is linked to 1 CVE.

Path traversal tool based on cve-2025-8088 vulnerability

cve-2025-8088

Python

Updated: 1 week, 5 days ago
54 stars, 19 forks, 19 watchers
Created: Oct. 21, 2025, 5:59 p.m. This repo is linked to 1 CVE.

A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower

Python

Updated: 6 days, 13 hours ago
0 stars, 0 forks, 0 watchers
Created: Oct. 21, 2025, 4:55 a.m. This repo is linked to 1 CVE.

path traversal tool based on cve-2025-8088

cve-2025-8088

Python

Updated: 2 weeks ago
64 stars, 18 forks, 18 watchers
Created: Oct. 17, 2025, 3:34 p.m. This repo is linked to 1 CVE.

CVE-2025-8088 based path traversal tool

cve-2025-8088

Python

Updated: 3 weeks, 1 day ago
52 stars, 17 forks, 17 watchers
Created: Oct. 9, 2025, 4:39 p.m. This repo is linked to 1 CVE.

None

Updated: 1 month ago
0 stars, 0 forks, 0 watchers
Created: Sept. 30, 2025, 4:39 p.m. This repo is linked to 1 CVE.

CVE-2025-8088 based path traversal tool

cve-2025-8088 path-traversal

Python

Updated: 1 month ago
55 stars, 7 forks, 7 watchers
Created: Sept. 29, 2025, 3:01 p.m. This repo is linked to 1 CVE.

None

Updated: 1 month ago
0 stars, 0 forks, 0 watchers
Created: Sept. 29, 2025, 10:18 a.m. This repo is linked to 1 CVE.

CVE-2025-8088 based path traversal tool

cve-2025-8088 path-traversal path-traversal-exploitation path-traversal-tool

Python

Updated: 1 month, 1 week ago
0 stars, 0 forks, 0 watchers
Created: Sept. 26, 2025, 2:31 p.m. This repo is linked to 1 CVE.

CVE-2025-8088 exploit C++ impl

C++

Updated: 1 month, 1 week ago
2 stars, 0 forks, 0 watchers
Created: Sept. 25, 2025, 5:44 a.m. This repo is linked to 1 CVE.

🚨 Exploit WinRAR CVE-2025-8088 with this PoC RAR archive, demonstrating the vulnerability and its impact when executed on the affected software.

bug-hunting cve-2025-8088 exploit-development malware-analysis penetration-testing proof-of-concept reverse-engineering security-research security-vulnerability software-security vulnerability-assessment winrar archive-exploit exploitation-techniques rar-file

Updated: 2 weeks, 4 days ago
0 stars, 0 forks, 0 watchers
Created: Sept. 24, 2025, 5:36 a.m. This repo is linked to 1 CVE.

CVE-2025-8088 path traversal tool

cve-2025-8088 path-traversal path-traversal-tool

Python

Updated: 1 month, 1 week ago
0 stars, 0 forks, 0 watchers
Created: Sept. 22, 2025, 2:42 p.m. This repo is linked to 1 CVE.

CVE-2025-8088 path traversal tool

cve-2025-8088 path-traversal path-traversal-tool

Python

Updated: 1 month, 1 week ago
0 stars, 0 forks, 0 watchers
Created: Sept. 21, 2025, 5:50 p.m. This repo is linked to 1 CVE.

Results are limited to the first 15 repositories due to potential performance issues.

The following news articles mention the CVE-2025-8088 vulnerability anywhere in the article.

  • The Hacker News
Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics

Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a ... Read more

Published Date: Oct 29, 2025 (4 days, 10 hours ago)
  • The Hacker News
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

Oct 24, 2025Ravie LakshmananCyber Espionage / Malware A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Gol ... Read more

Published Date: Oct 24, 2025 (1 week, 2 days ago)
  • Daily CyberSecurity
Bitter APT Attacks China/Pakistan with WinRAR Zero-Day and New C# Backdoor via Office Macro

China-based cybersecurity firm Qianxin Threat Intelligence Center has uncovered a new wave of attacks linked to the Bitter APT group (APT-Q-37), also known as 蔓灵花. The group—widely beli ... Read more

Published Date: Oct 22, 2025 (1 week, 4 days ago)
  • The Cyber Express
22 Vulnerabilities Under Attack – And Another That Could Be

Cyble researchers detailed 22 vulnerabilities under active attack in a blog post today – and nine of them aren’t in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Twelve of the vulnerabilities ... Read more

Published Date: Sep 23, 2025 (1 month, 1 week ago)
  • europa.eu
Cyber Brief 25-09 - August 2025

Cyber Brief (August 2025). September 2, 2025 - Version: 1. TLP:CLEAR. Executive summary: We analysed 321 open source reports for this Cyber Brief. Relating to cyber policy and law enforcement, Ukraine, Romani ... Read more

Published Date: Sep 02, 2025 (2 months ago)
  • CybersecurityNews
New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression

A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits leveraging this vulnerabilit ... Read more

Published Date: Aug 27, 2025 (2 months ago)
  • CybersecurityNews
WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study

The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compre ... Read more

Published Date: Aug 26, 2025 (2 months, 1 week ago)
  • Help Net Security
Week in review: 2 threat actors exploiting WinRAR 0-day, Microsoft fixes “BadSuccessor” Kerberos flaw

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) The RomCom attackers aren’t the onl ... Read more

Published Date: Aug 17, 2025 (2 months, 2 weeks ago)
  • CybersecurityNews
Cisco Secure Firewall Snort 3 Detection Engine Vulnerability Enables DoS Attacks

Critical security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco’s widely deployed firewall systems Cisco has disclosed a high-severity vulnerabi ... Read more

Published Date: Aug 15, 2025 (2 months, 2 weeks ago)
  • CybersecurityNews
CVE-2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware

A zero-day vulnerability in WinRAR allows malware to be deployed on unsuspecting users’ systems, highlighting the ongoing threats to popular software. Tracked as CVE-2025-8088, this path traversal fla ... Read more

Published Date: Aug 15, 2025 (2 months, 2 weeks ago)
  • CybersecurityNews
Microsoft Exchange Server Vulnerabilities Let Attackers Spoof and Tamper Over Network

Critical security vulnerabilities in Microsoft Exchange Server enable attackers to perform spoofing and tampering attacks over network connections. The vulnerabilities include two Exchange Server flaw ... Read more

Published Date: Aug 14, 2025 (2 months, 2 weeks ago)
  • TheCyberThrone
CISA adds WinRAR and Microsoft vulnerabilities to KEV catalog

August 14, 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added new Microsoft and WinRAR vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to ... Read more

Published Date: Aug 14, 2025 (2 months, 2 weeks ago)
  • CybersecurityNews
GitHub Copilot RCE Vulnerability via Prompt Injection Leads to Full System Compromise

A critical security vulnerability in GitHub Copilot and Visual Studio Code has been discovered that allows attackers to achieve remote code execution through prompt injection attacks, potentially lead ... Read more

Published Date: Aug 14, 2025 (2 months, 2 weeks ago)
  • CybersecurityNews
CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild

The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to app ... Read more

Published Date: Aug 13, 2025 (2 months, 2 weeks ago)
  • Help Net Security
WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a g ... Read more

Published Date: Aug 12, 2025 (2 months, 3 weeks ago)
  • Ars Technica
High-severity WinRAR 0-day exploited for weeks by 2 groups

A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached t ... Read more

Published Date: Aug 12, 2025 (2 months, 3 weeks ago)
  • The Cyber Express
New Zero-Day in WinRAR Abused by RomCom

A new zero-day vulnerability in WinRAR (CVE-2025-8088) is being exploited in the wild by the Russia-aligned hacking group RomCom, according to newly published research from ESET. The flaw, silently ta ... Read more

Published Date: Aug 11, 2025 (2 months, 3 weeks ago)
  • The Register
Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix. The bug, tracked as CVE-2025-8088, is a path-traversa ... Read more

Published Date: Aug 11, 2025 (2 months, 3 weeks ago)
  • BleepingComputer
Details emerge on WinRAR zero-day attacks that infected PCs with malware

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop d ... Read more

Published Date: Aug 11, 2025 (2 months, 3 weeks ago)
  • TheCyberThrone
CVE-2025-8088 WinRAR Zero-Day Vulnerability

August 11, 2025. What is CVE-2025-8088? CVE-2025-8088 refers to a critical zero-day vulnerability in the Windows version of WinRAR—a widely used file archive utility. The flaw was actively exploited befor ... Read more

Published Date: Aug 11, 2025 (2 months, 3 weeks ago)

The following table lists the changes that have been made to the CVE-2025-8088 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Oct. 30, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088
  • Modified Analysis by [email protected]

    Sep. 16, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/ Types: Press/Media Coverage
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Sep. 15, 2025

    Action Type Old Value New Value
    Added Reference https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
  • Modified Analysis by [email protected]

    Aug. 21, 2025

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:* versions up to (excluding) 2023.01 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    Added Reference Type CVE: https://support.dtsearch.com/faq/dts0245.htm Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 21, 2025

    Action Type Old Value New Value
    Added Reference https://support.dtsearch.com/faq/dts0245.htm
  • Modified Analysis by [email protected]

    Aug. 18, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day Types: Third Party Advisory
    Added Reference Type CVE: https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo Types: Mitigation, Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 15, 2025

    Action Type Old Value New Value
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo
  • CVE Modified by [email protected]

    Aug. 15, 2025

    Action Type Old Value New Value
    Changed Description
      Old Value: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strý?ek from ESET.
      New Value: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
  • Initial Analysis by [email protected]

    Aug. 13, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CPE Configuration AND OR *cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* versions up to (excluding) 7.13 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    Added Reference Type ESET: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 Types: Release Notes
    Added Reference Type CISA-ADP: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 Types: Press/Media Coverage
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Aug. 13, 2025

    Action Type Old Value New Value
    Added Date Added 2025-08-12
    Added Due Date 2025-09-02
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name RARLAB WinRAR Path Traversal Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 12, 2025

    Action Type Old Value New Value
    Added Reference https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088
  • New CVE Received by [email protected]

    Aug. 08, 2025

    Action Type Old Value New Value
    Added Description A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-35
    Added Reference https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
Vulnerability Scoring Details
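Base CVSS Score: 8.4 (CVSS 4.0, vector AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: Active
VS Confidentiality: High
VS Integrity: High
VS Availability: High
SS Confidentiality: None
SS Integrity: None
SS Availability: None
Base CVSS Score: 8.8 (CVSS 3.1, vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High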