Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088
Key Information:
- Vendor: Win.rar GmbH
- CVE Published: 8 August 2025
What is CVE-2025-8088?
A path traversal vulnerability in the Windows version of WinRAR could allow attackers to execute arbitrary code by crafting malicious archive files. Exploitation of this vulnerability has been observed in the wild. Security researchers including Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET highlighted the risks associated with such vulnerabilities. Users are urged to apply the latest security updates to mitigate potential threats.
Affected Version(s)
WinRAR (Windows): versions 0 through 7.12 inclusive
News Articles
WinRAR zero-day flaw exploited by RomCom hackers in phishing attacks
A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.
Timeline
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved