Path Traversal Vulnerability in WinRAR for Windows by ESET
CVE-2025-8088
Key Information:
- Vendor: Win.rar GmbH
- CVE Published: 8 August 2025
What is CVE-2025-8088?
CVE-2025-8088 is a path traversal vulnerability found in the Windows version of WinRAR, a popular file compression software developed by Win.rar GmbH. This vulnerability enables attackers to create specially crafted archive files that can manipulate file paths on the target system. As a result, when an unsuspecting user extracts these malicious archives using WinRAR, arbitrary code can be executed without the user's consent. This compromises the integrity and security of the affected systems, making organizations vulnerable to various security breaches and malicious activities.
The exploitation of this vulnerability can occur due to inadequate validation of user input, allowing attackers to traverse directories and write files outside the intended directories. Given WinRAR’s widespread use for handling compressed files, the potential impact on various sectors, including business, finance, and personal data storage, is substantial. Organizations relying on WinRAR for file management must be particularly attentive to this vulnerability, as it could lead to unauthorized access, data leakage, and overall compromise of sensitive information.
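The containment check whose absence the paragraph above describes, as an added example (not WinRAR's code or its fix): it resolves each stored entry name against the extraction directory using Windows path rules and rejects any that would land outside it. The destination, entry names and function names are constructed for illustration.

```python
import ntpath  # Windows path rules, importable on any OS


def is_contained(dest_dir: str, entry_name: str) -> bool:
    """True if extracting entry_name under dest_dir cannot leave dest_dir."""
    # Archives may store '/' or '\\'; treat both as separators.
    name = entry_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(name)
    # Reject drive-qualified ("C:x", "C:\\x"), UNC and root-relative names.
    if drive or name.startswith("\\"):
        return False
    dest = ntpath.normpath(dest_dir)
    # normpath collapses "..", so the result is where the write would land.
    target = ntpath.normpath(ntpath.join(dest, name))
    try:
        common = ntpath.commonpath([dest, target])
    except ValueError:  # different drives, or absolute mixed with relative
        return False
    # Windows paths are case-insensitive.
    return common.lower() == dest.lower()


def unsafe_entries(dest_dir: str, names: list[str]) -> list[str]:
    """Return the entry names that must not be extracted as stored."""
    return [n for n in names if not is_contained(dest_dir, n)]


# Constructed listing and destination, for illustration only.
DEST = r"C:\Users\alice\Downloads\out"
LISTING = [
    r"docs\cv.pdf",
    r"docs\..\notes.txt",
    r"..\..\outside\dropped.bin",
    "docs/../../sibling/dropped.bin",
    r"C:\Temp\dropped.bin",
    r"\\fileserver\share\dropped.bin",
]

if __name__ == "__main__":
    for entry in unsafe_entries(DEST, LISTING):
        print("blocked:", entry)
```

Comparing whole path components rather than string prefixes is what keeps a sibling directory such as `out2` from passing as being inside `out`.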
Potential Impact of CVE-2025-8088
- Remote Code Execution: The primary risk associated with CVE-2025-8088 is the ability for attackers to execute arbitrary code on the victim's machine. This provides them with control over the system and can lead to further intrusion and exploitation of connected network resources.
- Data Breach Risks: With arbitrary code execution, attackers can access, modify, or delete sensitive data stored on the affected system. This could lead to significant data breaches, particularly in organizations handling confidential or personal information.
- Establishment of Persistent Threats: Once an attacker gains access through this vulnerability, they may deploy malware, including ransomware or spyware, establishing a persistent threat on the network. This can lead to further exploitation, disruption of services, or extensive financial and reputational damage to the organization.
CISA has reported CVE-2025-8088
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-8088 as being exploited, but CISA is not aware of it being used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
WinRAR Windows 0 <= 7.12
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Details emerge on WinRAR zero-day attacks that infected PCs with malware
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads.
3 weeks ago
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
ESET Research discover a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents.
3 weeks ago

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
WinRAR 7.13 fixes CVE-2025-8088 zero-day exploited in attacks on Russian firms, linked to Paper Werewolf.
3 weeks ago
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
- 🦅 CISA Reported
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 🟡 Public PoC available
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved