CVE-2025-8088

Published Aug 8, 2025

Last updated 7 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.

Description
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Source
security@eset.com
NVD status
Analyzed
Products
winrar, dtsearch

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
RARLAB WinRAR Path Traversal Vulnerability
Exploit added on
Aug 12, 2025
Exploit action due
Sep 2, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@eset.com
CWE-35

Social media

Hype score
Not currently trending
  1. Gamaredon (FSB) exploits WinRAR (CVE-2025-8088) in a modular espionage campaign against Ukraine https://t.co/FeoiZwKUK2

    @Moncloa_com

    4 Jun 2026

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Russian 🇷🇺 Gamaredon APT deploys new fileless malware targeting Ukraine 🇺🇦 using WinRAR CVE-2025-8088. Campaign hides payloads in NTFS Alternate Data Streams and resolves C2s via Telegram channels. Technical details: • GammaPhish exploits CVE-2025-8088 path travers

    @DFIR_Radar

    4 Jun 2026

    333 Impressions

    2 Retweets

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  3. Sekoia: Gamaredon targets Ukrainian government networks with USB worm modules hidden in NTFS Alternate Data Streams. Initial access via CVE-2025-8088 (WinRAR). C2 over Telegram and Cloudflare dead drops. https://t.co/TsFdWrdexH #CyberSecurity #ThreatIntel https://t.co/jp8PTDRzij

    @securitydailyr

    3 Jun 2026

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Gamaredon exploits WinRAR flaw (CVE-2025-8088) to deploy GammaWorm and GammaSteel malware in targeted cyberattacks against Ukrainian institutions. Read More: https://t.co/CJbxRn7xyo @WinRAR_RARLAB

    @spinidg

    3 Jun 2026

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Gamaredon exploits CVE-2025-8088 in WinRAR to distribute GammaWorm and GammaSteel against Ukraine. The blog: https://t.co/FDyWCVyfrt #cybersecurity #apt #backdoor #cyberwar #fsb #gamaredon #infosec #malware #russia #ukraine #winrar https://t.co/wpMxHpreHK

    @nuke86

    3 Jun 2026

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Gamaredon spear-phishing emails deliver RAR archives that exploit CVE-2025-8088 path traversal in WinRAR. Opening the archive writes an HTA file directly into a startup folder so it executes on next logon with no further clicks. The HTA is GammaPhish. It fetches GammaLoad, a

    @SecureChap

    3 Jun 2026

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. BREAKING: Gamaredon exploits WinRAR CVE-2025-8088 to deploy GammaWorm and GammaSteel malware against Ukrainian government and critical infrastructure targets. https://t.co/erra37IMd6

    @threatcluster

    3 Jun 2026

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Russian 🇷🇺 Gamaredon exploits CVE-2025-8088 WinRAR path traversal flaw to deploy GammaWorm and GammaSteel malware against Ukrainian 🇺🇦 targets via weaponized archives containing HTA payloads. #DFIR_Radar https://t.co/DPWMZ0YjmR

    @DFIR_Radar

    2 Jun 2026

    78 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Update WinRAR - CVE-2025-8088 #patchit https://t.co/SJucbZvlIz

    @corerouter

    2 Jun 2026

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Another day, another reason to update your software. 😬 Researchers say the Russia-linked Gamaredon group is abusing a WinRAR vulnerability (CVE-2025-8088) to sneak malicious files onto systems and maintain access. https://t.co/jQbgJJIdLj

    @ErichKron

    2 Jun 2026

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. NEW THREAT INTEL: Gamaredon GammaWorm - FSB VBScript worm in NTFS ADS, WinRAR CVE-2025-8088 access. 9 detections, 42 IOCs. https://t.co/kUHfOAKAVQ #ThreatIntel #Gamaredon https://t.co/V6Gk7N3WGu

    @threadlinqs

    2 Jun 2026

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. '1070_26782818.rar' seen from Ukraine @abuse_ch CVE-2025-8088 https://t.co/E7G2NguIkf @500mk500 https://t.co/Bk0M2X3KyF

    @smica83

    28 May 2026

    507 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  13. Pakistan’s cybersecurity authorities have issued an urgent nationwide warning after the discovery of a critical WinRAR vulnerability CVE-2025-8088, exposing millions of Windows systems to potential remote compromise. Read story: https://t.co/X8hAYMSXtV

    @theasianmirror3

    23 May 2026

    247 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Gamaredon targets critical systems by exploiting WinRAR vulnerability CVE-2025-8088 to drop GammaDrop malware. Secure your entry points now! #Gamaredon #WinRAR #CyberEspionage #InfoSec #ThreatIntel #MalwareAnalysis #GammaDrop #GammaLoad #Phishing https://t.co/1cSGsGhUK5 https://

    @the_yellow_fall

    18 May 2026

    539 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. #APT #Sidewinder | #New #Variant | Targets #Pakistan Initial Dropper -> WinRAR ADS traversal vulnerabilities (CVE-2025-6218 & CVE-2025-8088) Decoy https://epms[.]ppra[.]gov[.]pk/public/tenders/invoice/TS0000000101E C2: docs.files-windows[.]top/j658K @500mk500 @MichalKo

    @volrant136

    14 May 2026

    1176 Impressions

    6 Retweets

    16 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  16. Gamaredon, also known as Aqua Blizzard, Primitive Bear, Shuckworm or UAC-0010, has been exploiting CVE-2025-8088 to target Ukrainian organizations. Harfang Lab https://t.co/j5DK8LoyBv @harfanglab

    @780thC

    13 May 2026

    1587 Impressions

    12 Retweets

    28 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  17. Russian 🇷🇺 Gamaredon continues targeting Ukrainian 🇺🇦 state institutions via spearphishing campaign exploiting CVE-2025-8088. Multi-stage VBScript downloaders profile infected systems through GammaDrop and GammaLoad tools. #DFIR_Radar https://t.co/2i3muAK5Jt

    @DFIR_Radar

    13 May 2026

    280 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. 'Scan_1_17_1_1950_04.05.2026.rar' seen from Ukraine @abuse_ch CVE-2025-8088 https://t.co/vbb7VmNwMg @500mk500 https://t.co/g3FFkI2TeF

    @smica83

    4 May 2026

    326 Impressions

    1 Retweet

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  19. WinRAR 7.21 fixes an archive corruption bug introduced by 7.20 and is a reminder that you still have to download each update yourself. Ten months after the patch, the CVE-2025-8088 flaw is still being exploited. https://t.co/zcmzYqhi1n

    @Clubic

    4 May 2026

    724 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. A tool most people trust without thinking twice. CVE-2025-8088 shows why that matters. OPSWAT Unit 515 traced the full extraction workflow in WinRAR to show how attacker-controlled content can land outside the intended directory entirely. Read the blog. https://t.co/LcgSW7uATk

    @OPSWAT

    20 Apr 2026

    151 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 'Archive.rar' seen from Russia @abuse_ch https://t.co/wAkufq5cpv CVE-2025-8088 exploit. @500mk500 https://t.co/Q6kmZ7LMjV

    @smica83

    16 Apr 2026

    437 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. 'Scan_4_15_6_1387_14.04.2026.rar' seen from Ukraine @abuse_ch https://t.co/C83Mitf3Qu CVE-2025-8088 exploit. @500mk500 https://t.co/RrQGKrW0LO

    @smica83

    15 Apr 2026

    349 Impressions

    2 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  23. 'service global-e com_orders_2026.rar' seen from Turkey @abuse_ch https://t.co/0fFrvVzsXD CVE-2025-8088 exploit https://t.co/MKnJZYH1aq

    @smica83

    14 Apr 2026

    286 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  24. 'Scan_3_12_5_1759_10.04.2026.rar' seen from Ukraine @abuse_ch CVE-2025-8088 exploit. https://t.co/GYvyvlBDj1 https://t.co/mAQyvlwDfm

    @smica83

    13 Apr 2026

    825 Impressions

    3 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Robin Dost analyses a UAC-0226 sample, identifying it as a GIFTEDCROOK stealer variant. The chain starts with CVE-2025-6218 & CVE-2025-8088; a LNK launches a payload that decodes a binary, uses chunked data exfiltration & reconstructs its C2 at runtime. https://t.co/aYxPm

    @virusbtn

    10 Apr 2026

    818 Impressions

    1 Retweet

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  26. Scan attachment campaign from Ukraine with many different RAR archive variants as CVE-2025-8088 exploit @abuse_ch 'Scan_5_18_4_1202_09.04.2026.rar' https://t.co/4ca4PGj7bA Uploads are coming from Ukraine and Denmark. @500mk500 @_CERT_UA https://t.co/hNMKtPMIip

    @smica83

    9 Apr 2026

    416 Impressions

    2 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  27. Відомості з реєстру військовозобов'язаних про працівників №20260409-7496423-1.rar (MD5:2af0a6135df3502a7f6de4d2de6db73b) uploaded from #UKRAINE, #exploit CVE-2025-8088 💩 @smica83 @polygonben https://t.co/M03SGaNx5O

    @goldenjackel12

    9 Apr 2026

    548 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  28. 'service global-e com_orders_2026.rar' @abuse_ch https://t.co/NbFz9a4Lsd CVE-2025-8088 https://t.co/lwqgGadnqr

    @smica83

    8 Apr 2026

    428 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 'service global-e com_orders_2026.rar' @abuse_ch https://t.co/NbFz9a4Lsd CVE-2025-8088

    @smica83

    8 Apr 2026

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 'service global-e com_orders_2026.rar' as a possible #RomCom sample @abuse_ch https://t.co/NbFz9a4Lsd CVE-2025-8088 https://t.co/Nx8y0KvZA3

    @smica83

    8 Apr 2026

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2025-8088 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár. #vuln

    @KlinkWow769

    8 Apr 2026

    174 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Top 5 Trending CVEs: 1 - CVE-2022-40769 2 - CVE-2025-5777 3 - CVE-2025-8088 4 - CVE-2023-41064 5 - CVE-2026-21643 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    5 Apr 2026

    256 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 'fiyat teklifi.rar' seen from Germany as a CVE-2025-8088 exploit @abuse_ch https://t.co/LkMz5IGU9q https://t.co/z5V0Ee3uHG

    @smica83

    4 Apr 2026

    485 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  34. 'Виконавчий_лист_2_13_1_1956_02.03.2026.rar' seen from Ukraine @abuse_ch https://t.co/zDDmZktgqn CVE-2025-8088 exploit @500mk500 https://t.co/TJMvEGxkRq

    @smica83

    4 Apr 2026

    406 Impressions

    1 Retweet

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  35. CVE-2025-8088 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. GitHub Link: https://t.co/FFYhFRZZb6 #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBou

    @Sadishyt

    31 Mar 2026

    140 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

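  36. https://t.co/HskaEgGC2B Google reports that Chinese- and Russian-linked hackers are still exploiting the WinRAR vulnerability CVE-2025-8088. Because there is no auto-update feature, a manual update to v7.13 is required. WinRAR users, please check. #セキ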

    @Anti_Ch_PCgc

    29 Mar 2026

    155 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

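  37. https://t.co/HskaEgGC2B The China-linked group "Amaranth-Dragon" is exploiting the WinRAR vulnerability CVE-2025-8088. Because there is no auto-update feature, a manual update to 7.13 or later is required. If you use WinRAR, please check. #セキュリテ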

    @Anti_Ch_PCgc

    27 Mar 2026

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

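  38. [China and Russia exploit the same vulnerability in the same period, making the acceleration of zero-day use apparent] According to the analysis, Chinese and Russian actors were confirmed to have exploited the same WinRAR vulnerability (CVE-2025-8088) during the same period.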

    @01ra66it

    22 Mar 2026

    377 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  39. China-linked hacking group abuses a vulnerability in the compression and extraction software WinRAR for cyberattacks (CVE-2025-8088) Security news https://t.co/Hi7yFVnYDd Posted: 2026-02-06 Updated: 2026-02-06

    @tpmbiosfidorss

    20 Mar 2026

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 Security Alert – CVE-2025-8088 (WinRAR Directory Traversal RCE) 📅 Date: September 2, 2025 🔎 Severity: Critical ⚠️ Affected: WinRAR versions earlier than 7.13 📚 Exploit Github: https://t.co/HZE0VKeqeN https://t.co/LRLlseYvum

    @Hexsecteam

    19 Mar 2026

    146 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 'Судова_повістка_2_17_8_1906_18.03.2026.rar' seen from Poland @abuse_ch https://t.co/pg4RSPYtKP CVE-2025-8088 https://t.co/fbWI2lXqjp

    @smica83

    19 Mar 2026

    252 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  42. ⚠️Vulnerability CVE-2025-8088 identified in #WinRAR. Attackers could take full control of your PC. 📞 55 2155 9757 ✉️ contacto@becc.com.mx #Hacking 📧 https://t.co/2C0kmrIAZv

    @Becc_of

    18 Mar 2026

    88 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. ⚠️Vulnerability CVE-2025-8088 identified in #WinRAR. Attackers could take full control of your PC. 💻🚨 Don't put your information at risk. Stay informed and protected with Barbeyto’s News. Cybersecurity consulting: 📞 55 2155 9757 📧 contacto@becc.com.

    @Becc_of

    18 Mar 2026

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 'Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.rar' seen from Ukraine @abuse_ch https://t.co/zWSF4Y3wr7 CVE-2025-8088 @500mk500

    @smica83

    17 Mar 2026

    542 Impressions

    1 Retweet

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  45. 'Запит_3_12_4_1480_13.03.2026.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/CFOosUJMlO @500mk500 https://t.co/L3sbi6EmPN

    @smica83

    16 Mar 2026

    535 Impressions

    2 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  46. Malicious HTML attachment seen from Ukraine @abuse_ch https://t.co/yuqtbTFtvk URL: hxxp://212.193.20(.)110/AkkUa-10-03 (Latvia) Drops this CVE-2025-8088 exploit: https://t.co/k39CqAoqC1 @500mk500 https://t.co/7GrWPxGWhX

    @smica83

    10 Mar 2026

    531 Impressions

    3 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. CVE-2025-8088 exploit seen from Cambodia @abuse_ch https://t.co/LCPsKDIXeq https://t.co/ko51DW6wgu

    @smica83

    9 Mar 2026

    736 Impressions

    1 Retweet

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  48. Millions at risk, WinRAR flaw still under attack: Alarm in the archives, the WinRAR flaw is alive and well. Google reports that CVE-2025-8088, the same one we wrote about in August… https://t.co/EG22HtNJDZ #WinRAR #bezpieczeństwo #cyberatak #lukaBezpiecz

    @MetaPlayZone

    7 Mar 2026

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 'Рота забезпечення.rar' seen from Ukraine @abuse_ch https://t.co/P1E8o6WncE CVE-2025-8088 and 6218 exploit. @500mk500 https://t.co/qj9yD5QYS1

    @smica83

    5 Mar 2026

    346 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

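  50. The Chinese APT group Amaranth-Dragon exploited the CVE-2025-8088 vulnerability, launching attacks within 8 days and targeting government agencies and law enforcement units in 6 Southeast Asian countries; its operations overlap heavily with APT41. ref:https://t.co/jIKTonZXHs @PTTNetSecurity @cheng527 @Military_idv_tw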

    @lfcba8178

    4 Mar 2026

    122 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

Configurations