Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088

8.4 HIGH

Key Information:

CVE Published: 8 August 2025

Badges

💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-8088?

A path traversal vulnerability in the Windows version of WinRAR could allow attackers to execute arbitrary code by crafting malicious archive files. Exploitation of this vulnerability was observed in the wild, and security researchers Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET highlighted the risks associated with it. Users are urged to apply the latest security updates to mitigate potential threats.

Affected Version(s)

WinRAR for Windows: versions from 0 up to and including 7.12

News Articles

WinRAR zero-day flaw exploited by RomCom hackers in phishing attacks

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.


CVSS V4

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved
