CVE-2025-8088
RARLAB WinRAR Path Traversal Vulnerability - [Actively Exploited]
Description
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
INFO
Published Date: Aug. 8, 2025, 12:15 p.m.
Last Modified: Aug. 21, 2025, 2:12 p.m.
Remotely Exploitable: Yes
Source: [email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088
Affected Products
The following products are affected by the CVE-2025-8088 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
 | CVSS 3.1 | HIGH | | | | [email protected] |
 | CVSS 4.0 | HIGH | | | | [email protected] |
Solution
- Update WinRAR to the latest version available.
- Avoid opening archives from untrusted sources.
Public PoC/Exploit Available at GitHub
CVE-2025-8088 has 24 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-8088.
URL | Resource |
---|---|
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 | Release Notes |
https://support.dtsearch.com/faq/dts0245.htm | Third Party Advisory |
https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day | Third Party Advisory |
https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo | Mitigation Third Party Advisory |
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 | Press/Media Coverage |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-8088 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-8088 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
None
Python
A high-performance, memory-safe implementation of the WinRAR CVE-2025-8088 exploit tool, rewritten in Rust for better reliability and performance.
PowerShell Rust
None
Winrar CVE exploitation before 7.13 using multiple ADS streams on a single file (Custom PDF implementation)
Python
An engaging walkthrough on uncovering, patching, and securing the WinRAR CVE-2025-8088 with a hands-on hacker’s twist.
cve cybersecurity exploit winrar
PowerShell script to check if your device is affected or not
PowerShell
None
Python
This PoC is for authorized study and testing. CVE-2025-8088 is actively exploited, and misuse may violate laws or cause harm. Update to WinRAR 7.13+ to avoid suspicious RARs.
PowerShell Python
🚀 Demonstrate the WinRAR CVE-2025-8088 exploit with a PoC RAR archive that installs a VBScript on startup, showcasing its impact on vulnerable systems.
archive-tool cve-2025-8088 cybersecurity exploit file-format malware-analysis penetration-testing proof-of-concept reverse-engineering security-research software-testing threat-modeling vulnerability windows-exploit winrar
None
Python
Proof-of-Concept for CVE-2025-8088 vulnerability in WinRAR (path traversal via ADS)
Python
Exploit systems using older WinRAR without knowing their username (unlike other projects)
Python
None
Python
WinRAR Traversal Exploit: Educational ANSI C tool simulating WinRAR directory traversal vulnerability. Demonstrates malicious file writing and TCP connection in isolated labs. For blue team training only. Do not use on public networks. Author: Dr. Burak BAYSAN.
C
Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088
cve-2025-8088 exploit poc redteam security-research vulnerability winrar zero-day zeroday
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2025-8088 vulnerability anywhere in the article.

- CybersecurityNews
  New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression
  A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits leveraging this vulnerabilit ...

- CybersecurityNews
  WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study
  The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compre ...

- Help Net Security
  Week in review: 2 threat actors exploiting WinRAR 0-day, Microsoft fixes “BadSuccessor” Kerberos flaw
  Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) The RomCom attackers aren’t the onl ...

- CybersecurityNews
  Cisco Secure Firewall Snort 3 Detection Engine Vulnerability Enables DoS Attacks
  Critical security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco’s widely deployed firewall systems Cisco has disclosed a high-severity vulnerabi ...

- CybersecurityNews
  CVE-2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware
  A zero-day vulnerability in WinRAR allows malware to be deployed on unsuspecting users’ systems, highlighting the ongoing threats to popular software. Tracked as CVE-2025-8088, this path traversal fla ...

- CybersecurityNews
  Microsoft Exchange Server Vulnerabilities Let Attackers Spoof and Tamper Over Network
  Critical security vulnerabilities in Microsoft Exchange Server enable attackers to perform spoofing and tampering attacks over network connections. The vulnerabilities include two Exchange Server flaw ...

- TheCyberThrone
  CISA adds WinRAR and Microsoft vulnerabilities to KEV catalog
  August 14, 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added new Microsoft and WinRAR vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to ...

- CybersecurityNews
  GitHub Copilot RCE Vulnerability via Prompt Injection Leads to Full System Compromise
  A critical security vulnerability in GitHub Copilot and Visual Studio Code has been discovered that allows attackers to achieve remote code execution through prompt injection attacks, potentially lead ...

- CybersecurityNews
  CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild
  The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to app ...

- Help Net Security
  WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)
  The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a g ...

- Ars Technica
  High-severity WinRAR 0-day exploited for weeks by 2 groups
  A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached t ...

- The Cyber Express
  New Zero-Day in WinRAR Abused by RomCom
  A new zero-day vulnerability in WinRAR (CVE-2025-8088) is being exploited in the wild by the Russia-aligned hacking group RomCom, according to newly published research from ESET. The flaw, silently ta ...

- The Register
  Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks
  Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix. The bug, tracked as CVE-2025-8088, is a path-traversa ...

- BleepingComputer
  Details emerge on WinRAR zero-day attacks that infected PCs with malware
  Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop d ...

- TheCyberThrone
  CVE-2025-8088 WinRAR Zero-Day Vulnerability
  August 11, 2025. What is CVE-2025-8088? CVE-2025-8088 refers to a critical zero-day vulnerability in the Windows version of WinRAR—a widely used file archive utility. The flaw was actively exploited befor ...

- security.nl
  'European companies attacked via WinRAR vulnerability since July 18'
  European companies, including in the financial, manufacturing, defense and logistics sectors, have been attacked since July 18 via a vulnerability in the popular archiving software WinRAR. At the mom ...

- Help Net Security
  WinRAR zero day exploited by RomCom hackers in targeted attacks
  ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows version ...

- CybersecurityNews
  WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware
  A critical zero-day vulnerability has been identified in WinRAR that cybercriminals are actively exploiting through sophisticated phishing campaigns to distribute RomCom malware. The flaw, designated ...

- The Hacker News
  WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
  The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been des ...

- Daily CyberSecurity
  WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware
  Security researchers at ESET have uncovered a zero-day path traversal vulnerability in the Windows version of WinRAR that has been actively exploited to execute arbitrary code on victims’ systems. Tra ...
The following table lists the changes that have been made to the CVE-2025-8088 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Modified Analysis by [email protected] (Aug. 21, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | CPE Configuration | | AND OR *cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:* versions up to (excluding) 2023.01 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
Added | Reference Type | | CVE: https://support.dtsearch.com/faq/dts0245.htm Types: Third Party Advisory |

- CVE Modified by af854a3a-2127-422b-91ae-364da2661108 (Aug. 21, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference | | https://support.dtsearch.com/faq/dts0245.htm |

- Modified Analysis by [email protected] (Aug. 18, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference Type | | CVE: https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day Types: Third Party Advisory |
Added | Reference Type | | CVE: https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo Types: Mitigation, Third Party Advisory |

- CVE Modified by [email protected] (Aug. 15, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Changed | Description | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strý?ek from ESET. | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. |

- CVE Modified by af854a3a-2127-422b-91ae-364da2661108 (Aug. 15, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference | | https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day |
Added | Reference | | https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo |

- Initial Analysis by [email protected] (Aug. 13, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Added | CPE Configuration | | AND OR *cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* versions up to (excluding) 7.13 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
Added | Reference Type | | ESET: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 Types: Release Notes |
Added | Reference Type | | CISA-ADP: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 Types: Press/Media Coverage |

- CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725 (Aug. 13, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Date Added | | 2025-08-12 |
Added | Due Date | | 2025-09-02 |
Added | Required Action | | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
Added | Vulnerability Name | | RARLAB WinRAR Path Traversal Vulnerability |

- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Aug. 12, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Reference | | https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 |

- New CVE Received by [email protected] (Aug. 08, 2025)

Action | Type | Old Value | New Value |
---|---|---|---|
Added | Description | | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. |
Added | CVSS V4.0 | | AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Added | CWE | | CWE-35 |
Added | Reference | | https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 |