Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088

8.4HIGH

Key Information:

Vendor: Win.rar Gmbh
Status: Winrar
Vendor: CVE Published:; 8 August 2025

🔔 Create Win.rar Gmbh Vulnerability Alert

Badges

💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-8088?

A path traversal vulnerability present in the Windows version of WinRAR could enable attackers to execute arbitrary code by crafting specially designed malicious archive files. This type of exploitation was observed in the wild, bringing attention to the efforts of security researchers, including Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET, who highlighted the risks associated with such vulnerabilities. Users are urged to apply the latest security updates to mitigate potential threats.

Affected Version(s)

WinRAR Windows 0 <= 7.12

News Articles

BleepingComputer

CVE-2025-8088

WinRAR zero-day flaw exploited by RomCom hackers in phishing attacks

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.

2 hours ago

References

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnew...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
Aug 8, 2025
👾
Exploit known to exist
Aug 8, 2025
📰
First article discovered by BleepingComputer
Aug 8, 2025
Vulnerability published
Aug 8, 2025
Vulnerability Reserved
Jul 23, 2025