Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088

8.4 HIGH

Key Information:

Status
Vendor
CVE Published: 8 August 2025

Badges

  • 🥇 Trended No. 1
  • 📈 Trended
  • 📈 Score: 18,100
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🦅 CISA Reported
  • 📰 News Worthy

What is CVE-2025-8088?

CVE-2025-8088 is a path traversal vulnerability found in the Windows version of WinRAR, a popular file compression software developed by Win.rar GmbH. This vulnerability enables attackers to create specially crafted archive files that can manipulate file paths on the target system. As a result, when an unsuspecting user extracts these malicious archives using WinRAR, arbitrary code can be executed without the user's consent. This compromises the integrity and security of the affected systems, making organizations vulnerable to various security breaches and malicious activities.

The exploitation of this vulnerability can occur due to inadequate validation of user input, allowing attackers to traverse directories and write files outside the intended directories. Given WinRAR’s widespread use for handling compressed files, the potential impact on various sectors, including business, finance, and personal data storage, is substantial. Organizations relying on WinRAR for file management must be particularly attentive to this vulnerability, as it could lead to unauthorized access, data leakage, and overall compromise of sensitive information.
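A defender-side check for the class of flaw described above, as an added example that is not WinRAR's code or part of the original page: it flags archive entry names that would resolve outside the extraction directory under Windows path rules. The function names, the sample listing and the `C:\extract` destination are assumptions made for illustration, and the check does not reproduce the specifics of CVE-2025-8088.

```python
import ntpath  # Windows path semantics; pure string handling, runs on any OS


def escapes_destination(member: str, dest: str) -> bool:
    """True if extracting `member` under `dest` would write outside `dest`."""
    name = member.replace("/", "\\")  # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    # Reject absolute forms outright: C:\x, C:x, \\server\share\x, \x
    if drive or rest.startswith("\\"):
        return True
    # Resolve ".." segments, then compare case-insensitively as Windows does
    base = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(dest, name)))
    # Trailing separator so C:\extract2 is not treated as inside C:\extract
    return not (target == base or target.startswith(base.rstrip("\\") + "\\"))


def audit_listing(members, dest):
    """Return the entries of an archive listing that must not be extracted."""
    return [m for m in members if escapes_destination(m, dest)]


# Constructed sample listing (hypothetical names, not from any real archive).
SAMPLE_LISTING = [
    "docs/readme.txt",               # stays inside the destination
    "docs\\..\\notes.txt",           # ".." that still resolves inside
    "..\\..\\outside.txt",           # climbs above the destination
    "../extract2/a.txt",             # sibling directory sharing a prefix
    "C:\\Temp\\b.txt",               # absolute path with drive letter
    "\\\\fileserver\\share\\c.txt",  # UNC path
]

if __name__ == "__main__":
    for entry in audit_listing(SAMPLE_LISTING, r"C:\extract"):
        print("blocked:", entry)
```

A check like this belongs in any pipeline that lists archive contents before unpacking them; it complements, and does not replace, updating past the affected versions.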

Potential Impact of CVE-2025-8088

  1. Remote Code Execution: The primary risk associated with CVE-2025-8088 is the ability for attackers to execute arbitrary code on the victim's machine. This provides them with control over the system and can lead to further intrusion and exploitation of connected network resources.

  2. Data Breach Risks: With arbitrary code execution, attackers can access, modify, or delete sensitive data stored on the affected system. This could lead to significant data breaches, particularly in organizations handling confidential or personal information.

  3. Establishment of Persistent Threats: Once an attacker gains access through this vulnerability, they may deploy malware, including ransomware or spyware, establishing a persistent threat on the network. This can lead to further exploitation, disruption of services, or extensive financial and reputational damage to the organization.

CISA has reported CVE-2025-8088

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-8088 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

WinRAR Windows 0 <= 7.12

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

China-linked Amaranth-Dragon and Mustang Panda target Southeast Asian governments using WinRAR exploit and PlugX phishing lures.

3 days ago

New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies.

3 days ago

Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest

Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.

1 week ago

CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🦅 CISA Reported
  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 🟡 Public PoC available
  • 📈 Vulnerability started trending
  • 💰 Used in Ransomware
  • 👾 Exploit known to exist
  • 📰 First article discovered by BleepingComputer
  • Vulnerability published
  • Vulnerability Reserved