Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088
Key Information:
- Vendor: Win.rar GmbH
- CVE Published: 8 August 2025
What is CVE-2025-8088?
CVE-2025-8088 is a path traversal vulnerability found in the Windows version of WinRAR, a popular file compression software developed by Win.rar GmbH. This vulnerability enables attackers to create specially crafted archive files that can manipulate file paths on the target system. As a result, when an unsuspecting user extracts these malicious archives using WinRAR, arbitrary code can be executed without the user's consent. This compromises the integrity and security of the affected systems, making organizations vulnerable to various security breaches and malicious activities.
The exploitation of this vulnerability can occur due to inadequate validation of user input, allowing attackers to traverse directories and write files outside the intended directories. Given WinRAR’s widespread use for handling compressed files, the potential impact on various sectors, including business, finance, and personal data storage, is substantial. Organizations relying on WinRAR for file management must be particularly attentive to this vulnerability, as it could lead to unauthorized access, data leakage, and overall compromise of sensitive information.
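As an added example (not code from WinRAR, ESET or this page), the following pre-extraction check flags archive entry names that would resolve outside the chosen extraction directory under Windows path rules, which is the validation the paragraph above describes as missing. The function names, the destination path and the sample entry names are constructed for illustration.

```python
import ntpath  # Windows path rules as pure string handling, so this runs on any OS


def entry_verdict(entry_name, dest):
    """Return None if entry_name stays under dest, else a short reason string."""
    name = entry_name.replace("/", "\\")
    drive, _rest = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        return "absolute, drive-qualified or UNC path"
    if ":" in name:
        return "':' is not valid in a Windows file name component"
    root = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
    # Compare against the root plus a separator so that C:\extract\out2
    # is not mistaken for a child of C:\extract\out.
    if target != root and not target.startswith(root.rstrip("\\") + "\\"):
        return "resolves outside the extraction directory"
    return None


def audit_entries(entry_names, dest):
    """Return {entry_name: reason} for every entry that must not be extracted."""
    findings = {}
    for entry_name in entry_names:
        reason = entry_verdict(entry_name, dest)
        if reason is not None:
            findings[entry_name] = reason
    return findings


# Constructed sample data: a hypothetical destination and entry listing.
SAMPLE_DEST = r"C:\extract\out"
SAMPLE_ENTRIES = [
    "docs/readme.txt",               # stays inside
    "sub/../inside.txt",             # '..' that still stays inside
    "..\\..\\outside.txt",           # climbs above the destination
    "sub/../../outside.txt",         # same, with forward slashes
    "..\\out2\\file.txt",            # sibling directory sharing a name prefix
    "D:\\elsewhere\\file.txt",       # absolute path on another drive
    "\\\\server\\share\\file.txt",   # UNC path
    "note.txt:extra",                # reserved character in the name
]

if __name__ == "__main__":
    for entry, why in audit_entries(SAMPLE_ENTRIES, SAMPLE_DEST).items():
        print(f"REJECT {entry!r}: {why}")
```

Running the check over an archive's listing before extraction lets a wrapper refuse the whole archive when any entry is flagged, instead of extracting the entries that happen to be safe.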
Potential Impact of CVE-2025-8088
- Remote Code Execution: The primary risk associated with CVE-2025-8088 is the ability for attackers to execute arbitrary code on the victim's machine. This provides them with control over the system and can lead to further intrusion and exploitation of connected network resources.
- Data Breach Risks: With arbitrary code execution, attackers can access, modify, or delete sensitive data stored on the affected system. This could lead to significant data breaches, particularly in organizations handling confidential or personal information.
- Establishment of Persistent Threats: Once an attacker gains access through this vulnerability, they may deploy malware, including ransomware or spyware, establishing a persistent threat on the network. This can lead to further exploitation, disruption of services, or extensive financial and reputational damage to the organization.
CISA has reported CVE-2025-8088
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-8088 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
WinRAR for Windows: versions 0 through 7.12 (<= 7.12)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Russian Attackers Weaponize WinRAR Flaw Against Ukraine
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Russia-aligned hackers are still exploiting WinRAR CVE-2025-8088 against Ukrainian organizations nearly a year after patches shipped.
Cyber Warfare 2026: Nation-State Attacks & Global Risk
Cyber warfare 2026 reveals rising nation-state attacks, AI-driven threats, and geopolitical cyber risks targeting governments and critical sectors.
EPSS Score
11% chance of being exploited in the next 30 days.
Timeline
- 🦅 CISA Reported
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 🟡 Public PoC available
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved
