AI description
CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.
- Description
- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
- Source
- security@eset.com
- NVD status
- Analyzed
- Products
- winrar, dtsearch
CVSS 4.0
- Type
- Secondary
- Base score
- 8.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RARLAB WinRAR Path Traversal Vulnerability
- Exploit added on
- Aug 12, 2025
- Exploit action due
- Sep 2, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security@eset.com
- CWE-35
- Hype score
- Not currently trending
More #Gamaredon for today @abuse_ch '3_8_2_7442_13.11.2025.rar' https://t.co/Ph7mZM0soD '2_7_4_62_13.11.2025.rar' https://t.co/cgKkgMvgbw CVE-2025-8088 and 6218 exploits. https://t.co/vQu8ccnacB
@smica83
13 Nov 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'2_1_1_7755_11.11.2025.rar' as a #Gamaredon sample again, seen from Ukraine today @abuse_ch https://t.co/vYyQdGTZtj CVE-2025-8088 CVE-2025-6218 @500mk500 https://t.co/PzRNOp6u6C
@smica83
12 Nov 2025
533 Impressions
3 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-8088 and CVE-2025-6218 'KrakenVM_2.rar' seen from Bosnia and Herzegovina @abuse_ch https://t.co/KYB1WSoLIw Looks like #AsyncRAT inside. https://t.co/hasA9JeDc7
@smica83
12 Nov 2025
237 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Use "7z l -sns" to list any Alternate Data Streams (ADS) contained in a RAR file #Malware CVE-2025-6218 CVE-2025-8088 https://t.co/BPJFKLQSTp
@ochsenmeier
11 Nov 2025
3559 Impressions
8 Retweets
62 Likes
23 Bookmarks
1 Reply
0 Quotes
Still low detected one since August: 'portfolio.rar' seen from Poland @abuse_ch https://t.co/vP3d5KmWC0 CVE-2025-6218 CVE-2025-8088 @hasherezade https://t.co/CD6e2lSSSI
@smica83
11 Nov 2025
237 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 exploit, named 'Resume.rar' seen from Pakistan @abuse_ch https://t.co/OGCdCdRCwe https://t.co/IaWvBRqNoj
@smica83
11 Nov 2025
217 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 continuously exploited by #Gamaredon in Ukraine. 3 samples from today: https://t.co/lELwXJOdfk https://t.co/D3EPYtWLiy https://t.co/9x6nMGB0i8 @500mk500 @Dixit_404 @skocherhan https://t.co/0U1IF5Pp6w
@smica83
11 Nov 2025
1494 Impressions
5 Retweets
18 Likes
7 Bookmarks
0 Replies
0 Quotes
📷 Security Alert – CVE-2025-8088 (WinRAR Directory Traversal RCE) 📷 Date: September 2, 2025 📷 Severity: Critical 📷 Affected: WinRAR versions earlier than 7.13 📷 What’s happening? A new vulnerability (CVE-2025-8088) in WinRAR allows specially crafted .
@HackingTeam777
5 Nov 2025
976 Impressions
2 Retweets
18 Likes
12 Bookmarks
0 Replies
0 Quotes
政府機関を狙うGamaredonグループが、圧縮ソフトWinRARの重大脆弱性CVE-2025-8088を悪用するフィッシング攻撃を展開していることが判明した。改ざんRARを開くだけでマルウェアが自動配置される極めて危険な手口で
@yousukezan
28 Oct 2025
1233 Impressions
2 Retweets
10 Likes
3 Bookmarks
0 Replies
0 Quotes
Gamaredon Phishing Attacks Exploit WinRAR Flaw to Target Governments Cybersecurity researchers reveal Gamaredon’s advanced phishing campaign targeting government agencies via CVE-2025-8088, a WinRAR path traversal flaw. The attack uses weaponized RAR files to silently deliver
@Secwiserapp
28 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We've identified a new wave of #Gamaredon #phishing activity targeting 🇺🇦 government entities. Attackers are abusing #CVE-2025-8088 (WinRAR path traversal) to deliver RAR archives that silently drop HTA malware into the Startup folder — no user interaction needed beyo
@GenThreatLabs
27 Oct 2025
2258 Impressions
7 Retweets
25 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-8088 PoC: WinRAR for Windows path traversal allows arbitrary code execution via crafted archives GitHub PoC: https://t.co/UCcbfQsyAs Video Credit: https://t.co/4c5pTZBrSz Advisory: https://t.co/QIAO95zUZb CVSS: 8.4 https://t.co/Tb8VPl42yU
@DarkWebInformer
20 Oct 2025
17086 Impressions
61 Retweets
272 Likes
142 Bookmarks
3 Replies
1 Quote
Actively exploited CVE : CVE-2025-8088
@transilienceai
5 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
RomCom, also known as Storm-0978, has transformed into a hybrid threat actor, exploiting the WinRAR zero-day CVE-2025-8088 to deploy backdoor malware like SnipBot and RustyClaw by 2025. #CyberSecurity #RomCom https://t.co/kdq4bb9LSU
@Cyber_O51NT
3 Oct 2025
1128 Impressions
7 Retweets
20 Likes
3 Bookmarks
0 Replies
0 Quotes
A "crypto tools" bundle (including a purported Kraken enumeration script) turned out to be a suspected RomCom payload. This uses CVE-2025-8088, a path traversal in WinRAR, to drop a fake Ledger app. #dfir #malware #threathunting https://t.co/E16Deu7b0O
@__noided
30 Sept 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2024-36401 3 - CVE-2025-8088 4 - CVE-2025-0309 5 - CVE-2024-38399 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
28 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gear up for the weekend securely! As zero-day exploits surge in 2025, WinRAR's CVE-2025-8088 is being weaponized for remote code execution via crafted archives, putting millions at risk. Opt for decentralized tools like FrostByte: no cloud vulnerabilities, keeping your vaults h
@frostbyteapp
26 Sept 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/5 https://t.co/aSwiIxrX8G
@ESETresearch
26 Sept 2025
9886 Impressions
33 Retweets
95 Likes
22 Bookmarks
1 Reply
2 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
26 Sept 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
24 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
WinRAR Zero-Day Actively Exploited — CVE-2025-8088 https://t.co/akUD1rwdxF https://t.co/lvyYH5k0Hr
@Delana_Tech_Llc
19 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ESET researchers report that the vulnerability, designated CVE-2025-8088, is being actively exploited by the Russian-linked RomCom group. The described vulnerability was patched in WinRAR version 7.13 and only affects Windows systems. https://t.co/gUM90nbexU
@rootzona
17 Sept 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
17 Sept 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ WinRAR sotto attacco. Scoperta una zero-day (CVE-2025-8088) che consente di eseguire malware nascosti nei file RAR. 🔐 Aggiorna subito alla versione 7.13. 👉 Dettagli: https://t.co/lORk601tDk #WinRAR #CyberAttack #ZeroDay #Cybersecurity https://t.co/15ky8LuHzx
@coondivido
16 Sept 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
16 Sept 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In August 2025, Recorded Future's Insikt Group identified 18 high-impact vulnerabilities, down from 22 in July, with Citrix and D-Link flaws dominating; 16 remain Very Critical, including CVE-2025-8088 exploited by the RomCom group. #CyberSecurity https://t.co/HKA23L0Akn
@Cyber_O51NT
16 Sept 2025
570 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild https://t.co/qYKckuR2e8
@ByteCheck101
15 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
15 Sept 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ New WinRAR vuln (CVE-2025-8088) exploited by Russia-linked RomCom group → silent backdoors across companies. Patch fast or pay later. Is your patching strategy protection—or compliance theater? https://t.co/mdVD2iTS3E #ZeroDay #CyberInsurance #RiskManagement http
@MNovofastovsky
11 Sept 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8088 RARLAB WinRAR Path Traversal Vulnerability: RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
@ZeroDayFacts
10 Sept 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical WinRAR flaw (CVE-2025-8088) is being actively exploited & is listed in the CISA KEV Catalog. With @Qualys TruRisk™ Eliminate, organizations can patch, remediate, mitigate - or uninstall vulnerable versions, all from one platform. Read more: https://t.co/ev2Px2e3A
@qualys
8 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 are two critical zero-day vulnerabilities affecting WinRAR. Learn everything about them in our latest Issue. Read it now on ZINIO. https://t.co/KWAzT5ZNrm #cybersecurity #cybersec #infosec #pentesting #cve-2025-6218 #CVE-2025-8088 #WinRAR-0-day
@Hackercool_mag
7 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Eliminate WinRAR CVE-2025-8088 with TruRisk Eliminate | Qualys https://t.co/beC6aDifEN
@PVynckier
7 Sept 2025
130 Impressions
4 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
5 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💀 CVE-2025-8088: WinRAR ‘ExtractFile()’ path traversal bug allows evil .rar to drop payload in Startup → full RCE. PoC: evil.rar → ../../../../Start Menu/Programs/Startup/evil.bat Fix & details: https://t.co/tYXSezqIAg #Infosec #WinRAR #CVE2025 #BugBounty
@NullSecurityX
3 Sept 2025
7183 Impressions
16 Retweets
76 Likes
36 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-8088 – WinRAR Directory Traversal RCE Malicious .rar archives can drop files into Startup folders → Remote Code Execution. Critical vulnerability. Read the full breakdown 👇 https://t.co/tYXSezqIAg #CVE20258088 #WinRAR #BugBounty #CyberSecurity
@NullSecurityX
2 Sept 2025
771 Impressions
3 Retweets
26 Likes
12 Bookmarks
1 Reply
1 Quote
🚨 WinRAR CVE-2025-8088: The invisible persistence SOCs can’t afford to miss Attackers are abusing Alternate Data Streams (ADS) to perform path traversal during archive extraction. By appending colon symbol (:) in file names, they sneak hidden objects into system folders ht
@anyrun_app
1 Sept 2025
11910 Impressions
50 Retweets
153 Likes
91 Bookmarks
0 Replies
2 Quotes
RomCom exploits CVE-2025-8088: phish RAR → Startup-folder persistence → C2 exfil. Patch WinRAR 7.13+. 📦 Read & subscribe: https://t.co/Ne0nPQxDB0 #AlphaHunt #CyberSecurity #WinRAR
@alphahunt_io
29 Aug 2025
41 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ New WinRAR Zero-Day Vulnerability (CVE-2025-8088) Found! https://t.co/ijG52qKJhv In my latest blog, I break down: ✅ How the vulnerability works ✅ Who’s being targeted ✅ How to stay protected with the latest update https://t.co/plL38Qi680
@umidcybers
27 Aug 2025
118 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
New #ZeroDay alert: CVE-2025-8088 in WinRAR is being actively exploited. Hackers are hiding malware in RAR job apps → dropping DLLs + shortcuts for persistence. 🛡️ Patch to WinRAR 7.13+ now. Don’t let RomCom actors turn your inbox into their backdoor. #CyberSecurity ht
@intxorg
27 Aug 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Update WinRAR NOW! ESET found CVE-2025-8088 actively exploited by RomCom APT group. Weaponized RAR files → hidden DLL/LNK payloads → financial, defense, and logistics targets hit. Patch released July 30, 2025 → WinRAR 7.13 Stay safe, upgrade ASAP. #CyberSecurity #Infos
@0xOverclock
27 Aug 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WinRAR zero-day (CVE-2025-8088) now weaponized by RomCom & Paper Werewolf. Malicious .rar drops backdoors into Startup folders—no user suspicion required. 𝗣𝗮𝘁𝗰𝗵 𝘁𝗼 𝘃𝟳.𝟭𝟯 𝗔𝗦𝗔𝗣. Read details here: https://t.co/MCs83gBLmP #ZeroDay
@securitydailyr
26 Aug 2025
12 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
WinRAR users beware two critical vulnerabilities CVE-2025-6218 and CVE-2025-8088 allow attackers to write files outside intended extraction directories leading to persistent infections and remote code execution in enterprise environments. CVE-2025-6218 is a traditional
@Tudorel92659164
26 Aug 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Video showcase of the recent WinRAR 0-day, CVE-2025-8088, uncovered by ESET after threat actor RomCom exploited it in the wild leveraging alternate data streams & path traversal on Windows -- we examine the uncovered RAR file and a proof-of-concept demo! https://t.co/38pMK6rl
@_JohnHammond
26 Aug 2025
40047 Impressions
66 Retweets
303 Likes
158 Bookmarks
7 Replies
4 Quotes
Two high-severity vulnerabilities in WinRAR (CVE-2025-6218 & CVE-2025-8088) allow attackers to exploit path traversal and NTFS ADS for stealthy persistence and RCE, with active exploitation observed by threat actors like RomCom. #CyberSecurity #WinRAR https://t.co/iux0iDWr2U
@Cyber_O51NT
26 Aug 2025
240 Impressions
1 Retweet
3 Likes
1 Bookmark
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
24 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨ALERT Cybersecurity: Threat actor group Paper Werewolf is exploiting a WinRAR zero-day vulnerability (CVE-2025-8088). They bypass email security to deliver malware directly to targets. Users are urged to update to WinRAR version 7.13 to mitigate risks. https://t.co/x3FwAHqnCC
@The_SentinelX
21 Aug 2025
70 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
20 Aug 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
19 Aug 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
WinRAR kena exploit baru yang dikaitin sama hacker Rusia RomCom. Celah CVE-2025-8088 bisa nanem backdoor malware lewat file archive. Udah dipatch di versi 7.13 tapi harus manual update sendiri karena WinRAR gak ada auto-update. Source : Tom's Hardware #arxidmedia https://t.co/LV4
@arxidmedia
19 Aug 2025
76 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8DD81E1-8FF3-4597-A2EA-C71D3856103E",
"versionEndExcluding": "7.13"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3658938E-7249-4ADE-8DCF-7B69A80D9221",
"versionEndExcluding": "2023.01"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]