Known Exploited Vulnerability
8.8
HIGH CVSS 3.1
CVE-2025-8088
RARLAB WinRAR Path Traversal Vulnerability - [Actively Exploited]
Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

INFO

Published Date :

Aug. 8, 2025, 12:15 p.m.

Last Modified :

Aug. 21, 2025, 2:12 p.m.

Remotely Exploitable :

Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088

Affected Products

The following products are affected by the CVE-2025-8088 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows
1 Rarlab winrar
1 Dtsearch dtsearch
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
CVSS 4.0 HIGH [email protected]
Solution
Update WinRAR to the latest version to fix the path traversal vulnerability.
  • Update WinRAR to the latest version available.
  • Avoid opening archives from untrusted sources.
Public PoC/Exploit Available on GitHub

CVE-2025-8088 has 24 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-8088 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-8088 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

None

Python

Updated: 4 days, 4 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 27, 2025, 6:47 p.m. This repo has been linked 1 different CVEs too.

A high-performance, memory-safe implementation of the WinRAR CVE-2025-8088 exploit tool, rewritten in Rust for better reliability and performance.

PowerShell Rust

Updated: 3 days, 6 hours ago
4 stars 1 fork 1 watcher
Born at : Aug. 27, 2025, 5:56 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 4 days, 9 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 27, 2025, 2:05 p.m. This repo has been linked 1 different CVEs too.

WinRAR CVE exploitation before 7.13 using multiple ADS streams on a single file (Custom PDF implementation)

Python

Updated: 4 days, 14 hours ago
1 stars 0 fork 0 watcher
Born at : Aug. 27, 2025, 6:32 a.m. This repo has been linked 1 different CVEs too.

An engaging walkthrough on uncovering, patching, and securing the WinRAR CVE-2025-8088 with a hands-on hacker’s twist.

cve cybersecurity exploit winrar

Updated: 4 days, 6 hours ago
1 stars 0 fork 0 watcher
Born at : Aug. 26, 2025, 8:37 p.m. This repo has been linked 1 different CVEs too.

PowerShell script to check if your device is affected or not

PowerShell

Updated: 5 days, 5 hours ago
1 stars 1 fork 1 watcher
Born at : Aug. 26, 2025, 4:32 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 5 days, 21 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 26, 2025, 1:43 a.m. This repo has been linked 1 different CVEs too.

This PoC is for authorized study and testing. CVE-2025-8088 is actively exploited, and misuse may violate laws or cause harm. Update to WinRAR 7.13+ to avoid suspicious RARs.

PowerShell Python

Updated: 2 days, 17 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 21, 2025, 7:49 a.m. This repo has been linked 1 different CVEs too.

🚀 Demonstrate the WinRAR CVE-2025-8088 exploit with a PoC RAR archive that installs a VBScript on startup, showcasing its impact on vulnerable systems.

archive-tool cve-2025-8088 cybersecurity exploit file-format malware-analysis penetration-testing proof-of-concept reverse-engineering security-research software-testing threat-modeling vulnerability windows-exploit winrar

Updated: 5 days, 16 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 21, 2025, 7:40 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 1 week, 4 days ago
1 stars 0 fork 0 watcher
Born at : Aug. 20, 2025, 10:46 a.m. This repo has been linked 1 different CVEs too.

Proof-of-Concept for CVE-2025-8088 vulnerability in WinRAR (path traversal via ADS)

Python

Updated: 1 week, 5 days ago
2 stars 1 fork 1 watcher
Born at : Aug. 17, 2025, 6:31 a.m. This repo has been linked 1 different CVEs too.

Exploit systems using older WinRAR without knowing their username (unlike other projects)

Python

Updated: 1 week, 1 day ago
22 stars 3 fork 3 watcher
Born at : Aug. 16, 2025, 6:12 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 2 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : Aug. 15, 2025, 8:03 p.m. This repo has been linked 1 different CVEs too.

WinRAR Traversal Exploit: Educational ANSI C tool simulating WinRAR directory traversal vulnerability. Demonstrates malicious file writing and TCP connection in isolated labs. For blue team training only. Do not use on public networks. Author: Dr. Burak BAYSAN.

C

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 14, 2025, 5:04 p.m. This repo has been linked 1 different CVEs too.

Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088

cve-2025-8088 exploit poc redteam security-research vulnerability winrar zero-day zeroday

Python

Updated: 1 week, 5 days ago
9 stars 6 fork 6 watcher
Born at : Aug. 14, 2025, 12:36 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2025-8088 vulnerability anywhere in the article.

  • CybersecurityNews
New Zip Slip Vulnerability Allows Attackers to Manipulate ZIP Files During Decompression

A newly observed variant of the Zip Slip vulnerability has emerged, enabling threat actors to exploit path traversal flaws in widely used decompression utilities. Exploits leveraging this vulnerabilit ... Read more

Published Date: Aug 27, 2025 (4 days, 9 hours ago)
  • CybersecurityNews
WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study

The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compre ... Read more

Published Date: Aug 26, 2025 (5 days, 12 hours ago)
  • Help Net Security
Week in review: 2 threat actors exploiting WinRAR 0-day, Microsoft fixes “BadSuccessor” Kerberos flaw

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) The RomCom attackers aren’t the onl ... Read more

Published Date: Aug 17, 2025 (2 weeks ago)
  • CybersecurityNews
Cisco Secure Firewall Snort 3 Detection Engine Vulnerability Enables DoS Attacks

Critical security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco’s widely deployed firewall systems Cisco has disclosed a high-severity vulnerabi ... Read more

Published Date: Aug 15, 2025 (2 weeks, 2 days ago)
  • CybersecurityNews
CVE-2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware

A zero-day vulnerability in WinRAR allows malware to be deployed on unsuspecting users’ systems, highlighting the ongoing threats to popular software. Tracked as CVE-2025-8088, this path traversal fla ... Read more

Published Date: Aug 15, 2025 (2 weeks, 2 days ago)
  • CybersecurityNews
Microsoft Exchange Server Vulnerabilities Let Attackers Spoof and Tamper Over Network

Critical security vulnerabilities in Microsoft Exchange Server enable attackers to perform spoofing and tampering attacks over network connections. The vulnerabilities include two Exchange Server flaw ... Read more

Published Date: Aug 14, 2025 (2 weeks, 3 days ago)
  • TheCyberThrone
CISA adds WinRAR and Microsoft vulnerabilities to KEV catalog

August 14, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added new Microsoft and WinRAR vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to ... Read more

Published Date: Aug 14, 2025 (2 weeks, 3 days ago)
  • CybersecurityNews
GitHub Copilot RCE Vulnerability via Prompt Injection Leads to Full System Compromise

A critical security vulnerability in GitHub Copilot and Visual Studio Code has been discovered that allows attackers to achieve remote code execution through prompt injection attacks, potentially lead ... Read more

Published Date: Aug 14, 2025 (2 weeks, 3 days ago)
  • CybersecurityNews
CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild

The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to app ... Read more

Published Date: Aug 13, 2025 (2 weeks, 4 days ago)
  • Help Net Security
WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a g ... Read more

Published Date: Aug 12, 2025 (2 weeks, 5 days ago)
  • Ars Technica
High-severity WinRAR 0-day exploited for weeks by 2 groups

A high-severity zero-day in the widely used WinRAR file compressor is under active exploitation by two Russian cybercrime groups. The attacks backdoor computers that open malicious archives attached t ... Read more

Published Date: Aug 12, 2025 (2 weeks, 5 days ago)
  • The Cyber Express
New Zero-Day in WinRAR Abused by RomCom

A new zero-day vulnerability in WinRAR (CVE-2025-8088) is being exploited in the wild by the Russia-aligned hacking group RomCom, according to newly published research from ESET. The flaw, silently ta ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • The Register
Russia's RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks

Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix. The bug, tracked as CVE-2025-8088, is a path-traversa ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • BleepingComputer
Details emerge on WinRAR zero-day attacks that infected PCs with malware

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop d ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • TheCyberThrone
CVE-2025-8088 WinRAR Zero-Day Vulnerability

August 11, 2025 What is CVE-2025-8088? CVE-2025-8088 refers to a critical zero-day vulnerability in the Windows version of WinRAR—a widely used file archive utility. The flaw was actively exploited befor ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • security.nl
'European companies attacked via WinRAR vulnerability since July 18'

European companies, including in the financial, manufacturing, defense and logistics sectors, have been attacked since July 18 via a vulnerability in the popular archiving software WinRAR. At the mom ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • Help Net Security
WinRAR zero day exploited by RomCom hackers in targeted attacks

ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows version ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • CybersecurityNews
WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware

A critical zero-day vulnerability has been identified in WinRAR that cybercriminals are actively exploiting through sophisticated phishing campaigns to distribute RomCom malware. The flaw, designated ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • The Hacker News
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been des ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)
  • Daily CyberSecurity
WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware

Security researchers at ESET have uncovered a zero-day path traversal vulnerability in the Windows version of WinRAR that has been actively exploited to execute arbitrary code on victims’ systems. Tra ... Read more

Published Date: Aug 11, 2025 (2 weeks, 6 days ago)

The following table lists the changes that have been made to the CVE-2025-8088 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Aug. 21, 2025

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:* versions up to (excluding) 2023.01 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    Added Reference Type CVE: https://support.dtsearch.com/faq/dts0245.htm Types: Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 21, 2025

    Action Type Old Value New Value
    Added Reference https://support.dtsearch.com/faq/dts0245.htm
  • Modified Analysis by [email protected]

    Aug. 18, 2025

    Action Type Old Value New Value
    Added Reference Type CVE: https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day Types: Third Party Advisory
    Added Reference Type CVE: https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo Types: Mitigation, Third Party Advisory
  • CVE Modified by [email protected]

    Aug. 15, 2025

    Action Type Old Value New Value
    Changed Description A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strý?ek from ESET. A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 15, 2025

    Action Type Old Value New Value
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
    Added Reference https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo
  • Initial Analysis by [email protected]

    Aug. 13, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CPE Configuration AND OR *cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* versions up to (excluding) 7.13 OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    Added Reference Type ESET: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 Types: Release Notes
    Added Reference Type CISA-ADP: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 Types: Press/Media Coverage
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Aug. 13, 2025

    Action Type Old Value New Value
    Added Date Added 2025-08-12
    Added Due Date 2025-09-02
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name RARLAB WinRAR Path Traversal Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 12, 2025

    Action Type Old Value New Value
    Added Reference https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088
  • New CVE Received by [email protected]

    Aug. 08, 2025

    Action Type Old Value New Value
    Added Description A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-35
    Added Reference https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 8.4
Metrics: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability
Base CVSS Score: 8.8
Metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact