Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088
Key Information:
- Vendor: Win.rar GmbH
- CVE Published: 8 August 2025
What is CVE-2025-8088?
CVE-2025-8088 is a path traversal vulnerability found in the Windows version of WinRAR, a popular file compression software developed by Win.rar GmbH. This vulnerability enables attackers to create specially crafted archive files that can manipulate file paths on the target system. As a result, when an unsuspecting user extracts these malicious archives using WinRAR, arbitrary code can be executed without the user's consent. This compromises the integrity and security of the affected systems, making organizations vulnerable to various security breaches and malicious activities.
The exploitation of this vulnerability can occur due to inadequate validation of user input, allowing attackers to traverse directories and write files outside the intended directories. Given WinRAR’s widespread use for handling compressed files, the potential impact on various sectors, including business, finance, and personal data storage, is substantial. Organizations relying on WinRAR for file management must be particularly attentive to this vulnerability, as it could lead to unauthorized access, data leakage, and overall compromise of sensitive information.
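The containment check that this class of bug bypasses, shown as an added example (not WinRAR's code and not from the original page). It resolves each archive entry name under Windows path rules and flags any that would land outside the chosen extraction folder. The function names, `DEST` and the sample entry names are constructed for illustration, and the check does not model WinRAR's own parsing.

```python
import ntpath  # Windows path semantics, usable on any OS

# Lower-cased marker for a Windows Startup folder path (persistence location
# named in the news summary on this page).
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

def resolve_entry(dest_dir, entry_name):
    """Return the normalized Windows path an archive entry would be written to."""
    name = entry_name.replace("/", "\\")
    # ntpath.join discards dest_dir when the entry is absolute or names a drive.
    return ntpath.normpath(ntpath.join(dest_dir, name))

def is_contained(dest_dir, entry_name):
    """True only if the resolved path stays inside dest_dir."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolve_entry(dest_dir, entry_name))
    # Compare with a trailing separator so a sibling such as "invoice-old"
    # is not mistaken for a child of "invoice".
    return target == dest or target.startswith(dest + "\\")

def audit_entries(dest_dir, entry_names):
    """Return (entry, resolved_path, reason) for every entry that escapes."""
    findings = []
    for name in entry_names:
        if is_contained(dest_dir, name):
            continue
        target = resolve_entry(dest_dir, name)
        in_startup = STARTUP_MARKER in target.lower()
        reason = "startup-folder" if in_startup else "escapes-destination"
        findings.append((name, target, reason))
    return findings

# Constructed sample data: an extraction folder and archive entry names.
DEST = r"C:\Users\alice\Downloads\invoice"
SAMPLE_ENTRIES = [
    "docs/report.pdf",                      # normal entry
    "sub/../notes.txt",                     # dot-dot that stays inside DEST
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk",
    r"C:\Windows\Temp\x.dll",               # absolute path replaces DEST
    r"..\invoice-old\a.txt",                # sibling sharing DEST's prefix
]

if __name__ == "__main__":
    for entry, target, reason in audit_entries(DEST, SAMPLE_ENTRIES):
        print(f"{reason:20} {entry!r} -> {target}")
```

The same comparison can be run over a listing of entry names before extraction, or applied to file-creation telemetry to spot writes outside the folder the user selected.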
Potential Impact of CVE-2025-8088
- Remote Code Execution: The primary risk associated with CVE-2025-8088 is the ability for attackers to execute arbitrary code on the victim's machine. This provides them with control over the system and can lead to further intrusion and exploitation of connected network resources.
- Data Breach Risks: With arbitrary code execution, attackers can access, modify, or delete sensitive data stored on the affected system. This could lead to significant data breaches, particularly in organizations handling confidential or personal information.
- Establishment of Persistent Threats: Once an attacker gains access through this vulnerability, they may deploy malware, including ransomware or spyware, establishing a persistent threat on the network. This can lead to further exploitation, disruption of services, or extensive financial and reputational damage to the organization.
CISA has reported CVE-2025-8088
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-8088 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)
WinRAR Windows 0 <= 7.12
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Google confirms nation-state and cybercrime groups exploit a patched WinRAR flaw to gain persistence and deploy malware via Windows Startup folders.
1 day ago
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads.
2 days ago
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
APT24 and Autumn Dragon launch multi-year espionage campaigns using BADAUDIO, supply chain attacks, and new CVE-2025-8088 exploits.
Timeline
- 🦅 CISA Reported
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 🟡 Public PoC available
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved
