CVE-2025-8088

Published Aug 8, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.

Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Source: security@eset.com
NVD status: Analyzed
Products: winrar, dtsearch

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.4
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: RARLAB WinRAR Path Traversal Vulnerability
Exploit added on: Aug 12, 2025
Exploit action due: Sep 2, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

CWE-35 (source: security@eset.com)

Social media

Hype score: Not currently trending

  1. The following vulnerabilities have been added to our feed: CVE-2024-51324: Baidu Antivirus PPL CVE-2025-25257: FortiWeb SQL Injection and Command Injection CVE-2025-8088: WinRAR Directory Traversal ZDI-CAN-26372: Windows Theme File Parsing NTLM Leak https://t.co/av7UZS4SWf

    @crowdfense

    8 Jan 2026

    1303 Impressions

    5 Retweets

    13 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  2. 'Package of documents.rar' @abuse_ch https://t.co/gjhPbZ4Jd0 CVE-2025-8088 exploit. Domains: morozmyau-658(.)cfd velvetpaw2031(.)cfd Coyote PDF seen many times already. https://t.co/nAcrgjT2Jk

    @smica83

    6 Jan 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 'data zip' CVE-2025-6218 and CVE-2025-8088 exploit seen from Bulgaria @abuse_ch https://t.co/fF82GcFdN5 https://t.co/xl64oBbQme

    @smica83

    4 Jan 2026

    330 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #100DaysofYARA - Day 2 YARA rule to detect RAR samples exploiting CVE-2025-8088 👇 https://t.co/SkgakOYfIJ https://t.co/NR5lJeDeTJ

    @t3ft3lb

    2 Jan 2026

    914 Impressions

    1 Retweet

    7 Likes

    1 Bookmark

    1 Reply

    1 Quote

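  5. When CVE-2025-8088 is exploited, the victim sees only a single decoy file; the actual malicious program is attached to the decoy file as an NTFS alternate data stream. The attacker also forges invalid NTFS alternate data stream paths to mask the warnings raised when the real payload fails to drop. #破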

    @GinetteS9200k3

    29 Dec 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. A critical zero-day vulnerability (CVE-2025-8088) affecting WinRAR is currently being exploited by various threat groups. This issue presents substantial risks to both individual users and organizations. With cyber threats evolving rapidly, it’s vital for everyone, be it https:

    @BetterWorldTech

    29 Dec 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 WinRAR Vulnerability (CVE-2025-8088) Exploit 🚨 WinRAR ≤ 7.12 allows attackers to execute code via malicious RAR files. Update to v7.13 ASAP! 🔗 Learn more: https://t.co/Ks9WWSa25s #CVE2025 #WinRAR #CyberSecurity #SecurityUpdate #PatchNow

    @KillerFungi2022

    27 Dec 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. cve-2025-8088 #ad #exploit 🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders. https://t.co/s15sZocQYk

    @TheExploitLab

    22 Dec 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. "Technical analysis of the APT-C-26 (Lazarus) group exploiting a WinRAR vulnerability to deploy the Blank Grabber trojan" published by Qihoo360. #APT-C-26, #BlankGrabber, #CVE-2025-8088, #DPRK, #CTI https://t.co/osJ5F5uL82

    @lazarusholic

    13 Dec 2025

    432 Impressions

    0 Retweets

    13 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  10. #Lazarus + Winrar CVE-2025-8088 + Malware "Blank Grabber" = Data (Browser + Telegram + Discord +Wallets) https://t.co/yUtmOgqoXw ref: Password:!!!HappyPenguin1950!!! https://t.co/DOQCpYEgJw https://t.co/nQWakTglOJ

    @blackorbird

    12 Dec 2025

    4648 Impressions

    14 Retweets

    46 Likes

    23 Bookmarks

    0 Replies

    2 Quotes

  11. 'salary_staistics.rar' seen from Viet Nam @abuse_ch CVE-2025-6218 and CVE-2025-8088 exploit https://t.co/UHxOvLKO68 @skocherhan https://t.co/NEldvm0hEu

    @smica83

    7 Dec 2025

    5199 Impressions

    5 Retweets

    36 Likes

    14 Bookmarks

    0 Replies

    1 Quote

  12. #threatreport #MediumCompleteness APT-C-53 (Gamaredon) phishing attack campaign using CVE-2025-8088 | 06-12-2025 Source: https://t.co/iiggvlQFx8 Key details below ↓ 🧑‍💻Actors/Campaigns: Gamaredon 💀Threats: Spear-phishing_technique, 🎯Victims: Ukrainian governmen

    @rst_cloud

    6 Dec 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Recent monitoring by 360 Threat Research Institute reveals that the Gamaredon group is leveraging CVE-2025-8088 to conduct spear-phishing attacks against Ukrainian government entities, emphasizing the need for enhanced security measures. #CyberSecurity https://t.co/y8SpVrzYEX

    @Cyber_O51NT

    6 Dec 2025

    822 Impressions

    6 Retweets

    5 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. Due to lack of auto-update mechanisms: Exploits in software like winrar (CVE-2025-8088) and 7-zip (CVE-2025-041) are the gift that keeps on giving for threat actors 🎅🎄🎅 https://t.co/tx3lKdo0sB

    @cglyer

    5 Dec 2025

    656 Impressions

    0 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

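  15. Autumn Dragon is assessed to be China-linked and carries out intrusions with a high degree of stealth and persistence through a multi-stage infection chain that combines DLL sideloading with the WinRAR zero-day (CVE-2025-8088). In particular, government agencies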

    @t_nihonmatsu

    27 Nov 2025

    1363 Impressions

    3 Retweets

    17 Likes

    2 Bookmarks

    0 Replies

    2 Quotes

  16. The Autumn Dragon APT targets Southeast Asian governments and media through WinRAR flaw CVE-2025-8088, using DLL sideloading and Telegram C2 backdoor for covert espionage. #China #SoutheastAsia #AutumnDragon https://t.co/v7n5E3XCby

    @TweetThreatNews

    25 Nov 2025

    113 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  17. 🐉 New APT campaign "Autumn Dragon" targets Southeast Asian governments & media. Linked to China, the group uses spearphishing and a WinRAR flaw (CVE-2025-8088) for espionage related to the South China Sea. #APT #CyberEspionage #ThreatIntel 🔗 https://t.co/289LBRxvPI

    @NetSecIO

    24 Nov 2025

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 'GmailPrompter.rar' seen from Germany @abuse_ch CVE-2025-8088 and 6218 exploit https://t.co/GK3y5xrkmo https://t.co/3kXts96hoE

    @smica83

    14 Nov 2025

    163 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. More #Gamaredon for today @abuse_ch '3_8_2_7442_13.11.2025.rar' https://t.co/Ph7mZM0soD '2_7_4_62_13.11.2025.rar' https://t.co/cgKkgMvgbw CVE-2025-8088 and 6218 exploits. https://t.co/vQu8ccnacB

    @smica83

    13 Nov 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies. The post Russian Hackers Exploited WinRAR Zero-Day in Atta.

    @SecurityAid

    13 Nov 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. '2_1_1_7755_11.11.2025.rar' as a #Gamaredon sample again, seen from Ukraine today @abuse_ch https://t.co/vYyQdGTZtj CVE-2025-8088 CVE-2025-6218 @500mk500 https://t.co/PzRNOp6u6C

    @smica83

    12 Nov 2025

    533 Impressions

    3 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. CVE-2025-8088 and CVE-2025-6218 'KrakenVM_2.rar' seen from Bosnia and Herzegovina @abuse_ch https://t.co/KYB1WSoLIw Looks like #AsyncRAT inside. https://t.co/hasA9JeDc7

    @smica83

    12 Nov 2025

    237 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Use "7z l -sns" to list any Alternate Data Streams (ADS) contained in a RAR file #Malware CVE-2025-6218 CVE-2025-8088 https://t.co/BPJFKLQSTp

    @ochsenmeier

    11 Nov 2025

    3559 Impressions

    8 Retweets

    62 Likes

    23 Bookmarks

    1 Reply

    0 Quotes

  24. Still low detected one since August: 'portfolio.rar' seen from Poland @abuse_ch https://t.co/vP3d5KmWC0 CVE-2025-6218 CVE-2025-8088 @hasherezade https://t.co/CD6e2lSSSI

    @smica83

    11 Nov 2025

    237 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-6218 and CVE-2025-8088 exploit, named 'Resume.rar' seen from Pakistan @abuse_ch https://t.co/OGCdCdRCwe https://t.co/IaWvBRqNoj

    @smica83

    11 Nov 2025

    217 Impressions

    0 Retweets

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-6218 and CVE-2025-8088 continuously exploited by #Gamaredon in Ukraine. 3 samples from today: https://t.co/lELwXJOdfk https://t.co/D3EPYtWLiy https://t.co/9x6nMGB0i8 @500mk500 @Dixit_404 @skocherhan https://t.co/0U1IF5Pp6w

    @smica83

    11 Nov 2025

    1494 Impressions

    5 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  27. 📷 Security Alert – CVE-2025-8088 (WinRAR Directory Traversal RCE) 📷 Date: September 2, 2025 📷 Severity: Critical 📷 Affected: WinRAR versions earlier than 7.13 📷 What’s happening? A new vulnerability (CVE-2025-8088) in WinRAR allows specially crafted .

    @HackingTeam777

    5 Nov 2025

    976 Impressions

    2 Retweets

    18 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

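  28. The Gamaredon group, which targets government agencies, has been found to be conducting phishing attacks that exploit CVE-2025-8088, a critical vulnerability in the WinRAR compression software. With this extremely dangerous technique, in which malware is placed automatically just by opening a tampered RAR,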

    @yousukezan

    28 Oct 2025

    1233 Impressions

    2 Retweets

    10 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  29. Gamaredon Phishing Attacks Exploit WinRAR Flaw to Target Governments Cybersecurity researchers reveal Gamaredon’s advanced phishing campaign targeting government agencies via CVE-2025-8088, a WinRAR path traversal flaw. The attack uses weaponized RAR files to silently deliver

    @Secwiserapp

    28 Oct 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨We've identified a new wave of #Gamaredon #phishing activity targeting 🇺🇦 government entities. Attackers are abusing #CVE-2025-8088 (WinRAR path traversal) to deliver RAR archives that silently drop HTA malware into the Startup folder — no user interaction needed beyo

    @GenThreatLabs

    27 Oct 2025

    2258 Impressions

    7 Retweets

    25 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨CVE-2025-8088 PoC: WinRAR for Windows path traversal allows arbitrary code execution via crafted archives GitHub PoC: https://t.co/UCcbfQsyAs Video Credit: https://t.co/4c5pTZBrSz Advisory: https://t.co/QIAO95zUZb CVSS: 8.4 https://t.co/Tb8VPl42yU

    @DarkWebInformer

    20 Oct 2025

    17086 Impressions

    61 Retweets

    272 Likes

    142 Bookmarks

    3 Replies

    1 Quote

  32. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    5 Oct 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. RomCom, also known as Storm-0978, has transformed into a hybrid threat actor, exploiting the WinRAR zero-day CVE-2025-8088 to deploy backdoor malware like SnipBot and RustyClaw by 2025. #CyberSecurity #RomCom https://t.co/kdq4bb9LSU

    @Cyber_O51NT

    3 Oct 2025

    1128 Impressions

    7 Retweets

    20 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  34. A "crypto tools" bundle (including a purported Kraken enumeration script) turned out to be a suspected RomCom payload. This uses CVE-2025-8088, a path traversal in WinRAR, to drop a fake Ledger app. #dfir #malware #threathunting https://t.co/E16Deu7b0O

    @__noided

    30 Sept 2025

    24 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  35. Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2024-36401 3 - CVE-2025-8088 4 - CVE-2025-0309 5 - CVE-2024-38399 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    28 Sept 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Gear up for the weekend securely! As zero-day exploits surge in 2025, WinRAR's CVE-2025-8088 is being weaponized for remote code execution via crafted archives, putting millions at risk. Opt for decentralized tools like FrostByte: no cloud vulnerabilities, keeping your vaults h

    @frostbyteapp

    26 Sept 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. #ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/5 https://t.co/aSwiIxrX8G

    @ESETresearch

    26 Sept 2025

    9886 Impressions

    33 Retweets

    95 Likes

    22 Bookmarks

    1 Reply

    2 Quotes

  38. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    26 Sept 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    24 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. WinRAR Zero-Day Actively Exploited — CVE-2025-8088 https://t.co/akUD1rwdxF https://t.co/lvyYH5k0Hr

    @Delana_Tech_Llc

    19 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. ESET researchers report that the vulnerability, designated CVE-2025-8088, is being actively exploited by the Russian-linked RomCom group. The described vulnerability was patched in WinRAR version 7.13 and only affects Windows systems. https://t.co/gUM90nbexU

    @rootzona

    17 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    17 Sept 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  43. ⚠️ WinRAR under attack. A zero-day (CVE-2025-8088) has been discovered that allows malware hidden in RAR files to be executed. 🔐 Update to version 7.13 immediately. 👉 Details: https://t.co/lORk601tDk #WinRAR #CyberAttack #ZeroDay #Cybersecurity https://t.co/15ky8LuHzx

    @coondivido

    16 Sept 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    16 Sept 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. In August 2025, Recorded Future's Insikt Group identified 18 high-impact vulnerabilities, down from 22 in July, with Citrix and D-Link flaws dominating; 16 remain Very Critical, including CVE-2025-8088 exploited by the RomCom group. #CyberSecurity https://t.co/HKA23L0Akn

    @Cyber_O51NT

    16 Sept 2025

    570 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  46. CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild https://t.co/qYKckuR2e8

    @ByteCheck101

    15 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    15 Sept 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  48. ⚠️ New WinRAR vuln (CVE-2025-8088) exploited by Russia-linked RomCom group → silent backdoors across companies. Patch fast or pay later. Is your patching strategy protection—or compliance theater? https://t.co/mdVD2iTS3E #ZeroDay #CyberInsurance #RiskManagement http

    @MNovofastovsky

    11 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. CVE-2025-8088 RARLAB WinRAR Path Traversal Vulnerability: RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

    @ZeroDayFacts

    10 Sept 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. A critical WinRAR flaw (CVE-2025-8088) is being actively exploited & is listed in the CISA KEV Catalog. With @Qualys TruRisk™ Eliminate, organizations can patch, remediate, mitigate - or uninstall vulnerable versions, all from one platform. Read more: https://t.co/ev2Px2e3A

    @qualys

    8 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations