AI description
CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.
- Description: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
- Source: security@eset.com
- NVD status: Analyzed
- Products: winrar, dtsearch
CVSS 4.0
- Type: Secondary
- Base score: 8.4
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: RARLAB WinRAR Path Traversal Vulnerability
- Exploit added on: Aug 12, 2025
- Exploit action due: Sep 2, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security@eset.com
- CWE-35
- Hype score: Not currently trending
🚨 WinRAR Vulnerability (CVE-2025-8088) Exploit 🚨 WinRAR ≤ 7.12 allows attackers to execute code via malicious RAR files. Update to v7.13 ASAP! 🔗 Learn more: https://t.co/Ks9WWSa25s #CVE2025 #WinRAR #CyberSecurity #SecurityUpdate #PatchNow
@KillerFungi2022
27 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
cve-2025-8088 #ad #exploit 🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders. https://t.co/s15sZocQYk
@TheExploitLab
22 Dec 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Technical analysis of the APT-C-26 (Lazarus) group exploiting a WinRAR vulnerability to deploy the Blank Grabber trojan" published by Qihoo360. #APT-C-26, #BlankGrabber, #CVE-2025-8088, #DPRK, #CTI https://t.co/osJ5F5uL82
@lazarusholic
13 Dec 2025
432 Impressions
0 Retweets
13 Likes
9 Bookmarks
0 Replies
0 Quotes
#Lazarus + Winrar CVE-2025-8088 + Malware "Blank Grabber" = Data (Browser + Telegram + Discord +Wallets) https://t.co/yUtmOgqoXw ref: Password:!!!HappyPenguin1950!!! https://t.co/DOQCpYEgJw https://t.co/nQWakTglOJ
@blackorbird
12 Dec 2025
4648 Impressions
14 Retweets
46 Likes
23 Bookmarks
0 Replies
2 Quotes
'salary_staistics.rar' seen from Viet Nam @abuse_ch CVE-2025-6218 and CVE-2025-8088 exploit https://t.co/UHxOvLKO68 @skocherhan https://t.co/NEldvm0hEu
@smica83
7 Dec 2025
5199 Impressions
5 Retweets
36 Likes
14 Bookmarks
0 Replies
1 Quote
#threatreport #MediumCompleteness APT-C-53 (Gamaredon) phishing attack campaign using CVE-2025-8088 | 06-12-2025 Source: https://t.co/iiggvlQFx8 Key details below ↓ 🧑💻Actors/Campaigns: Gamaredon 💀Threats: Spear-phishing_technique, 🎯Victims: Ukrainian governmen
@rst_cloud
6 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent monitoring by 360 Threat Research Institute reveals that the Gamaredon group is leveraging CVE-2025-8088 to conduct spear-phishing attacks against Ukrainian government entities, emphasizing the need for enhanced security measures. #CyberSecurity https://t.co/y8SpVrzYEX
@Cyber_O51NT
6 Dec 2025
822 Impressions
6 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
Due to lack of auto-update mechanisms: Exploits in software like winrar (CVE-2025-8088) and 7-zip (CVE-2025-041) are the gift that keeps on giving for threat actors 🎅🎄🎅 https://t.co/tx3lKdo0sB
@cglyer
5 Dec 2025
656 Impressions
0 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
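Autumn Dragon is presumed to be China-linked and carries out intrusions with a high degree of stealth and persistence through a multi-stage infection chain that combines DLL side-loading with a WinRAR zero-day (CVE-2025-8088). In particular, government agencies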
@t_nihonmatsu
27 Nov 2025
1363 Impressions
3 Retweets
17 Likes
2 Bookmarks
0 Replies
2 Quotes
The Autumn Dragon APT targets Southeast Asian governments and media through WinRAR flaw CVE-2025-8088, using DLL sideloading and Telegram C2 backdoor for covert espionage. #China #SoutheastAsia #AutumnDragon https://t.co/v7n5E3XCby
@TweetThreatNews
25 Nov 2025
113 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🐉 New APT campaign "Autumn Dragon" targets Southeast Asian governments & media. Linked to China, the group uses spearphishing and a WinRAR flaw (CVE-2025-8088) for espionage related to the South China Sea. #APT #CyberEspionage #ThreatIntel 🔗 https://t.co/289LBRxvPI
@NetSecIO
24 Nov 2025
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'GmailPrompter.rar' seen from Germany @abuse_ch CVE-2025-8088 and 6218 exploit https://t.co/GK3y5xrkmo https://t.co/3kXts96hoE
@smica83
14 Nov 2025
163 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
More #Gamaredon for today @abuse_ch '3_8_2_7442_13.11.2025.rar' https://t.co/Ph7mZM0soD '2_7_4_62_13.11.2025.rar' https://t.co/cgKkgMvgbw CVE-2025-8088 and 6218 exploits. https://t.co/vQu8ccnacB
@smica83
13 Nov 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies. The post Russian Hackers Exploited WinRAR Zero-Day in Atta.
@SecurityAid
13 Nov 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'2_1_1_7755_11.11.2025.rar' as a #Gamaredon sample again, seen from Ukraine today @abuse_ch https://t.co/vYyQdGTZtj CVE-2025-8088 CVE-2025-6218 @500mk500 https://t.co/PzRNOp6u6C
@smica83
12 Nov 2025
533 Impressions
3 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-8088 and CVE-2025-6218 'KrakenVM_2.rar' seen from Bosnia and Herzegovina @abuse_ch https://t.co/KYB1WSoLIw Looks like #AsyncRAT inside. https://t.co/hasA9JeDc7
@smica83
12 Nov 2025
237 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Use "7z l -sns" to list any Alternate Data Streams (ADS) contained in a RAR file #Malware CVE-2025-6218 CVE-2025-8088 https://t.co/BPJFKLQSTp
@ochsenmeier
11 Nov 2025
3559 Impressions
8 Retweets
62 Likes
23 Bookmarks
1 Reply
0 Quotes
Still low detected one since August: 'portfolio.rar' seen from Poland @abuse_ch https://t.co/vP3d5KmWC0 CVE-2025-6218 CVE-2025-8088 @hasherezade https://t.co/CD6e2lSSSI
@smica83
11 Nov 2025
237 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 exploit, named 'Resume.rar' seen from Pakistan @abuse_ch https://t.co/OGCdCdRCwe https://t.co/IaWvBRqNoj
@smica83
11 Nov 2025
217 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 continuously exploited by #Gamaredon in Ukraine. 3 samples from today: https://t.co/lELwXJOdfk https://t.co/D3EPYtWLiy https://t.co/9x6nMGB0i8 @500mk500 @Dixit_404 @skocherhan https://t.co/0U1IF5Pp6w
@smica83
11 Nov 2025
1494 Impressions
5 Retweets
18 Likes
7 Bookmarks
0 Replies
0 Quotes
📷 Security Alert – CVE-2025-8088 (WinRAR Directory Traversal RCE) 📷 Date: September 2, 2025 📷 Severity: Critical 📷 Affected: WinRAR versions earlier than 7.13 📷 What’s happening? A new vulnerability (CVE-2025-8088) in WinRAR allows specially crafted .
@HackingTeam777
5 Nov 2025
976 Impressions
2 Retweets
18 Likes
12 Bookmarks
0 Replies
0 Quotes
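It has been found that the Gamaredon group, which targets government agencies, is running phishing attacks that exploit CVE-2025-8088, a critical vulnerability in the compression software WinRAR. With this extremely dangerous technique, malware is placed automatically merely by opening a tampered RAR archive,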
@yousukezan
28 Oct 2025
1233 Impressions
2 Retweets
10 Likes
3 Bookmarks
0 Replies
0 Quotes
Gamaredon Phishing Attacks Exploit WinRAR Flaw to Target Governments Cybersecurity researchers reveal Gamaredon’s advanced phishing campaign targeting government agencies via CVE-2025-8088, a WinRAR path traversal flaw. The attack uses weaponized RAR files to silently deliver
@Secwiserapp
28 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We've identified a new wave of #Gamaredon #phishing activity targeting 🇺🇦 government entities. Attackers are abusing #CVE-2025-8088 (WinRAR path traversal) to deliver RAR archives that silently drop HTA malware into the Startup folder — no user interaction needed beyo
@GenThreatLabs
27 Oct 2025
2258 Impressions
7 Retweets
25 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-8088 PoC: WinRAR for Windows path traversal allows arbitrary code execution via crafted archives GitHub PoC: https://t.co/UCcbfQsyAs Video Credit: https://t.co/4c5pTZBrSz Advisory: https://t.co/QIAO95zUZb CVSS: 8.4 https://t.co/Tb8VPl42yU
@DarkWebInformer
20 Oct 2025
17086 Impressions
61 Retweets
272 Likes
142 Bookmarks
3 Replies
1 Quote
Actively exploited CVE : CVE-2025-8088
@transilienceai
5 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
RomCom, also known as Storm-0978, has transformed into a hybrid threat actor, exploiting the WinRAR zero-day CVE-2025-8088 to deploy backdoor malware like SnipBot and RustyClaw by 2025. #CyberSecurity #RomCom https://t.co/kdq4bb9LSU
@Cyber_O51NT
3 Oct 2025
1128 Impressions
7 Retweets
20 Likes
3 Bookmarks
0 Replies
0 Quotes
A "crypto tools" bundle (including a purported Kraken enumeration script) turned out to be a suspected RomCom payload. This uses CVE-2025-8088, a path traversal in WinRAR, to drop a fake Ledger app. #dfir #malware #threathunting https://t.co/E16Deu7b0O
@__noided
30 Sept 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2024-36401 3 - CVE-2025-8088 4 - CVE-2025-0309 5 - CVE-2024-38399 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
28 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gear up for the weekend securely! As zero-day exploits surge in 2025, WinRAR's CVE-2025-8088 is being weaponized for remote code execution via crafted archives, putting millions at risk. Opt for decentralized tools like FrostByte: no cloud vulnerabilities, keeping your vaults h
@frostbyteapp
26 Sept 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/5 https://t.co/aSwiIxrX8G
@ESETresearch
26 Sept 2025
9886 Impressions
33 Retweets
95 Likes
22 Bookmarks
1 Reply
2 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
26 Sept 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
24 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
WinRAR Zero-Day Actively Exploited — CVE-2025-8088 https://t.co/akUD1rwdxF https://t.co/lvyYH5k0Hr
@Delana_Tech_Llc
19 Sept 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ESET researchers report that the vulnerability, designated CVE-2025-8088, is being actively exploited by the Russian-linked RomCom group. The described vulnerability was patched in WinRAR version 7.13 and only affects Windows systems. https://t.co/gUM90nbexU
@rootzona
17 Sept 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
17 Sept 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ WinRAR under attack. A zero-day (CVE-2025-8088) has been discovered that allows malware hidden in RAR files to be executed. 🔐 Update to version 7.13 now. 👉 Details: https://t.co/lORk601tDk #WinRAR #CyberAttack #ZeroDay #Cybersecurity https://t.co/15ky8LuHzx
@coondivido
16 Sept 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
16 Sept 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In August 2025, Recorded Future's Insikt Group identified 18 high-impact vulnerabilities, down from 22 in July, with Citrix and D-Link flaws dominating; 16 remain Very Critical, including CVE-2025-8088 exploited by the RomCom group. #CyberSecurity https://t.co/HKA23L0Akn
@Cyber_O51NT
16 Sept 2025
570 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild https://t.co/qYKckuR2e8
@ByteCheck101
15 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
15 Sept 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ New WinRAR vuln (CVE-2025-8088) exploited by Russia-linked RomCom group → silent backdoors across companies. Patch fast or pay later. Is your patching strategy protection—or compliance theater? https://t.co/mdVD2iTS3E #ZeroDay #CyberInsurance #RiskManagement http
@MNovofastovsky
11 Sept 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8088 RARLAB WinRAR Path Traversal Vulnerability: RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
@ZeroDayFacts
10 Sept 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical WinRAR flaw (CVE-2025-8088) is being actively exploited & is listed in the CISA KEV Catalog. With @Qualys TruRisk™ Eliminate, organizations can patch, remediate, mitigate - or uninstall vulnerable versions, all from one platform. Read more: https://t.co/ev2Px2e3A
@qualys
8 Sept 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-6218 and CVE-2025-8088 are two critical zero-day vulnerabilities affecting WinRAR. Learn everything about them in our latest Issue. Read it now on ZINIO. https://t.co/KWAzT5ZNrm #cybersecurity #cybersec #infosec #pentesting #cve-2025-6218 #CVE-2025-8088 #WinRAR-0-day
@Hackercool_mag
7 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Eliminate WinRAR CVE-2025-8088 with TruRisk Eliminate | Qualys https://t.co/beC6aDifEN
@PVynckier
7 Sept 2025
130 Impressions
4 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-8088
@transilienceai
5 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💀 CVE-2025-8088: WinRAR ‘ExtractFile()’ path traversal bug allows evil .rar to drop payload in Startup → full RCE. PoC: evil.rar → ../../../../Start Menu/Programs/Startup/evil.bat Fix & details: https://t.co/tYXSezqIAg #Infosec #WinRAR #CVE2025 #BugBounty
@NullSecurityX
3 Sept 2025
7183 Impressions
16 Retweets
76 Likes
36 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-8088 – WinRAR Directory Traversal RCE Malicious .rar archives can drop files into Startup folders → Remote Code Execution. Critical vulnerability. Read the full breakdown 👇 https://t.co/tYXSezqIAg #CVE20258088 #WinRAR #BugBounty #CyberSecurity
@NullSecurityX
2 Sept 2025
771 Impressions
3 Retweets
26 Likes
12 Bookmarks
1 Reply
1 Quote
🚨 WinRAR CVE-2025-8088: The invisible persistence SOCs can’t afford to miss Attackers are abusing Alternate Data Streams (ADS) to perform path traversal during archive extraction. By appending colon symbol (:) in file names, they sneak hidden objects into system folders ht
@anyrun_app
1 Sept 2025
11910 Impressions
50 Retweets
153 Likes
91 Bookmarks
0 Replies
2 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8DD81E1-8FF3-4597-A2EA-C71D3856103E",
            "versionEndExcluding": "7.13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3658938E-7249-4ADE-8DCF-7B69A80D9221",
            "versionEndExcluding": "2023.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]