CVE-2025-8088

Published Aug 8, 2025

Last updated 5 months ago

Overview

Description
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Source
security@eset.com
NVD status
Analyzed
Products
winrar, dtsearch

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
RARLAB WinRAR Path Traversal Vulnerability
Exploit added on
Aug 12, 2025
Exploit action due
Sep 2, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@eset.com
CWE-35

Social media

Hype score
Not currently trending
  1. CVE-2025-8088 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. GitHub Link: https://t.co/FFYhFRZZb6 #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBou

    @Sadishyt

    31 Mar 2026

    59 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

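  2. https://t.co/HskaEgGC2B Google reports that Chinese- and Russian-linked hackers are still exploiting the WinRAR vulnerability CVE-2025-8088. Because there is no auto-update feature, a manual update to v7.13 is required. WinRAR users, please check. #セキ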

    @Anti_Ch_PCgc

    29 Mar 2026

    155 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

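  3. https://t.co/HskaEgGC2B The China-linked group "Amaranth-Dragon" is exploiting the WinRAR vulnerability CVE-2025-8088. Because there is no auto-update feature, a manual update to 7.13 or later is required. If you use WinRAR, please check. #セキュリテ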

    @Anti_Ch_PCgc

    27 Mar 2026

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

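  4. [China and Russia exploit the same vulnerability in the same period, making the acceleration of zero-day use apparent] According to the analysis, Chinese and Russian actors were confirmed to have exploited the same WinRAR vulnerability (CVE-2025-8088) during the same period.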

    @01ra66it

    22 Mar 2026

    377 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. Chinese-linked hacking group exploits vulnerability in the compression/extraction software WinRAR for cyberattacks (CVE-2025-8088) Security News https://t.co/Hi7yFVnYDd Posted: 2026-02-06 Updated: 2026-02-06

    @tpmbiosfidorss

    20 Mar 2026

    100 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Security Alert – CVE-2025-8088 (WinRAR Directory Traversal RCE) 📅 Date: September 2, 2025 🔎 Severity: Critical ⚠️ Affected: WinRAR versions earlier than 7.13 📚 Exploit Github: https://t.co/HZE0VKeqeN https://t.co/LRLlseYvum

    @Hexsecteam

    19 Mar 2026

    146 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 'Судова_повістка_2_17_8_1906_18.03.2026.rar' seen from Poland @abuse_ch https://t.co/pg4RSPYtKP CVE-2025-8088 https://t.co/fbWI2lXqjp

    @smica83

    19 Mar 2026

    252 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. ⚠️Vulnerability CVE-2025-8088 identified in #WinRAR. Attackers could take full control of your PC. 📞 55 2155 9757 ✉️ contacto@becc.com.mx #Hacking 📧 https://t.co/2C0kmrIAZv

    @Becc_of

    18 Mar 2026

    88 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️Vulnerability CVE-2025-8088 identified in #WinRAR. Attackers could take full control of your PC. 💻🚨 Don't put your information at risk. Stay informed and protected with Barbeyto’s News. Cybersecurity consulting: 📞 55 2155 9757 📧 contacto@becc.com.

    @Becc_of

    18 Mar 2026

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 'Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.rar' seen from Ukraine @abuse_ch https://t.co/zWSF4Y3wr7 CVE-2025-8088 @500mk500

    @smica83

    17 Mar 2026

    542 Impressions

    1 Retweet

    7 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  11. 'Запит_3_12_4_1480_13.03.2026.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/CFOosUJMlO @500mk500 https://t.co/L3sbi6EmPN

    @smica83

    16 Mar 2026

    535 Impressions

    2 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  12. Malicious HTML attachment seen from Ukraine @abuse_ch https://t.co/yuqtbTFtvk URL: hxxp://212.193.20(.)110/AkkUa-10-03 (Latvia) Drops this CVE-2025-8088 exploit: https://t.co/k39CqAoqC1 @500mk500 https://t.co/7GrWPxGWhX

    @smica83

    10 Mar 2026

    531 Impressions

    3 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-8088 exploit seen from Cambodia @abuse_ch https://t.co/LCPsKDIXeq https://t.co/ko51DW6wgu

    @smica83

    9 Mar 2026

    736 Impressions

    1 Retweet

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. Millions at risk, WinRAR flaw still under attack: Alarm in the archives, the WinRAR flaw is alive and well. Google reports that CVE-2025-8088, the same one we wrote about in August… https://t.co/EG22HtNJDZ #WinRAR #bezpieczeństwo #cyberatak #lukaBezpiecz

    @MetaPlayZone

    7 Mar 2026

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 'Рота забезпечення.rar' seen from Ukraine @abuse_ch https://t.co/P1E8o6WncE CVE-2025-8088 and 6218 exploit. @500mk500 https://t.co/qj9yD5QYS1

    @smica83

    5 Mar 2026

    346 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

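  16. The Chinese APT group Amaranth-Dragon exploited the CVE-2025-8088 vulnerability, launching attacks within 8 days and targeting government agencies and law enforcement units in 6 Southeast Asian countries; its operations overlap heavily with APT41. ref:https://t.co/jIKTonZXHs @PTTNetSecurity @cheng527 @Military_idv_tw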

    @lfcba8178

    4 Mar 2026

    122 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

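  17. A China-linked threat group exploited the WinRAR vulnerability (CVE-2025-8088) to carry out attacks targeting Southeast Asian government and law enforcement agencies. Campaign activity associated with an APT. #APT #WeaponizedCVE https://t.co/sJcZfKeQsw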

    @01ra66it

    3 Mar 2026

    354 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. RAR file named 'Лист_1_16_2_1062_02.03.2026.7z' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/6cLBq37Cvm @500mk500 https://t.co/dEQp4dUVM8

    @smica83

    2 Mar 2026

    306 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  19. CVE-2025-8088 and 6218 exploit with the name 'dfgh.rar' @abuse_ch Seen from Romania @ciprian2florea https://t.co/uRqK9IyhLH @skocherhan https://t.co/65AtNwONhz

    @smica83

    2 Mar 2026

    716 Impressions

    3 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  20. Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 https://t.co/2bh24IzqGM #cyber #threathunting #infosec

    @blueteamsec1

    27 Feb 2026

    381 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  21. 'Лист_3_13_3_1860_26.02.2026.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/PQbqtUJTFt @500mk500 https://t.co/zbZ2breKZd

    @smica83

    26 Feb 2026

    314 Impressions

    1 Retweet

    7 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  22. 'opendoc_60.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/YzD8mizvXj @500mk500 https://t.co/CKa5YNQnFk

    @smica83

    23 Feb 2026

    277 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. #pruva latest run now on windows thanks to @daytonaio windows sandboxes support. Reproduced the WinRAR ADS Path Traversal — Arbitrary Code Execution via Crafted Archive (CVE-2025-8088) Full self contained script that - install winrar - grabs a public PoC and validate it - r

    @N3mes1s

    17 Feb 2026

    1564 Impressions

    3 Retweets

    14 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  24. '2_19_7_1105_17.02.2026.xhtml' seen from Ukraine @abuse_ch https://t.co/LUPPPcyHOr Drops the usual CVE-2025-8088 exploit: '2_19_7_1105_17.02.2026.rar' https://t.co/0wyEijjIQ0 Detection said it's #RomCom Really? @500mk500 https://t.co/kGiMR9da5Q

    @smica83

    17 Feb 2026

    275 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  25. #threatreport #LowCompleteness Stairwell detects widespread exposure to critical WinRAR vulnerability across customer environments | 03-02-2026 Source: https://t.co/rnu8gKlrNV Key details below ↓ 🎯Victims: Enterprise environments, Developer environments 🔓CVEs: CVE-2025-

    @rst_cloud

    17 Feb 2026

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Cyber threat alert! Serious vulnerability in WinRAR (CVE-2025-8088) https://t.co/VIHD1Bn9UY

    @LED_MOJ

    17 Feb 2026

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. '1_12_3_1363_12.02.2026.rar' seen from Ukraine @abuse_ch https://t.co/vcMXxUbHO9 CVE-2025-8088 @500mk500 https://t.co/zcJ4KwxHXJ

    @smica83

    16 Feb 2026

    188 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 'Dogovor.rar' seen from Ukraine @abuse_ch https://t.co/iLPdIbx85Z CVE-2025-8088, CVE-2025-6218 @500mk500 https://t.co/lBnDjzViPj

    @smica83

    16 Feb 2026

    174 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. 🟠 NEW: RomCom & Paper Werewolf Exploiting WinRAR CVE-2025-8088 Zero-Day via ADS Path Traversal • 29 IOCs • 23 MITRE ATT&CK techniques • 9 detection rules (SPL/KQL/Sigma) https://t.co/ZUvO3Y3XcE

    @threadlinqs

    16 Feb 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 'база данных.rar' as a CVE-2025-8088 exploit, seen from Ukraine @abuse_ch https://t.co/nA2In6emsW @500mk500 https://t.co/asGrPI64uZ

    @smica83

    14 Feb 2026

    469 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  31. CVE-2025-8088 Exploitation Used to Deploy Amaranth Loader and Havoc Framework https://t.co/92MhHma8TK https://t.co/7gho8O4O4b

    @secharvesterx

    10 Feb 2026

    912 Impressions

    3 Retweets

    14 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨 New group Amaranth-Dragon (probably linked to Chinese intelligence) is attacking strategic targets 🕵️‍♂️ Security researchers from Checkpoint Research have detected a new cyber-espionage campaign exploiting a flaw in WinRAR (CVE-2025-8088) 🎯 What does

    @Sekurak

    10 Feb 2026

    7215 Impressions

    7 Retweets

    67 Likes

    12 Bookmarks

    5 Replies

    0 Quotes

  33. WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/9koQlS4I5L https://t.co/9svQGHHUaQ

    @mayurk21

    9 Feb 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 CVE-2025-8088 : WINRAR PATH TRAVERSAL RCE VIA MALICIOUS ARCHIVE PARSING ALERT 🚨 WinRAR A critical unauthenticated remote code execution vulnerability exists in WinRAR, allowing attackers to achieve arbitrary file write and code execution by opening specially crafted

    @OstorlabSec

    9 Feb 2026

    87 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  35. WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/6cl3SJk3ur https://t.co/ABU9bl9PJU

    @IdentityJason

    9 Feb 2026

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia via @_CPResearch_ #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/ssuMENAuqN

    @proficioinc

    9 Feb 2026

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Recent intrusion activity shows sustained exploitation of CVE-2025-8088 to deliver custom loaders and remote access tooling. The campaigns emphasize stealth, regional targeting, and low-noise persistence mechanisms. #threatintelligence #CyberSec https://t.co/6hrdyFEu0z

    @LandscapeThreat

    9 Feb 2026

    49 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  38. WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/cHy2SHrDF8 https://t.co/2LHO9iwd8m

    @CloudVirtues

    8 Feb 2026

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  39. WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/zsM3zVSOHR https://t.co/GFPpozjbLT

    @PhotoZel

    7 Feb 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/ky5CznlGOl https://t.co/vkSc1tRgFy

    @SirajD_Official

    7 Feb 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/46P6M9UzUH https://t.co/7ENql1JbjM

    @scandaletti

    6 Feb 2026

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Cyber-espionage group Amaranth-Dragon exploits WinRAR vulnerability CVE-2025-8088 to infiltrate Southeast Asian government networks. Stay vigilant! Link: https://t.co/sLv92Jgg26 #Cybersecurity #WinRAR #Amaranth #CVE #Hacking #Security #Threat #Malware #Exploitation #SpearPhishing

    @dailytechonx

    6 Feb 2026

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Chinese-linked hacking group exploits vulnerability in the compression/extraction software WinRAR for cyberattacks (CVE-2025-8088) https://t.co/qmVilE0QeI

    @cybersecnews_jp

    6 Feb 2026

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. In 2025, Amaranth-Dragon APT weaponized the popular WinRAR CVE-2025-8088 for targeted espionage across Southeast Asia. Custom loader, Telegram RAT, geofenced C2, and event-themed lures. https://t.co/K3lsesapnV

    @MDST9999

    6 Feb 2026

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. [Threat][ASEAN]🟡Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Type: Targeted Date: 04 Feb 2026 Refer: https://t.co/R7s9ppWaMm #rectifyq #cti #threatintel #threatintelligence #malaysia #infosec

    @_rectifyq

    6 Feb 2026

    94 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  46. #AmaranthDragon espionage campaign exploits #WinRAR CVE-2025-8088 to target gov and law enforcement in Southeast #Asia. Path traversal enables code execution and persistence via Startup folder, deploying Havoc C2 or TGAmaranth RAT. https://t.co/dXIejReLjB

    @MeridianEU

    6 Feb 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. WATCH OUT FOR WINRAR! An old critical flaw is still being massively exploited in 2026 If you use WinRAR to open .zip or .rar files, you ABSOLUTELY must check your version. A critical vulnerability (CVE-2025-8088), although fixed in July 2025,

    @NEMBUTADIAKIESE

    6 Feb 2026

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2025-55182 3 - CVE-2025-6978 4 - CVE-2025-8088 5 - CVE-2025-62203 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    6 Feb 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Amaranth-Dragon exploited WinRAR flaw CVE-2025-8088 within 10 days to deploy malicious RAR archives targeting government and law enforcement in Southeast Asia, using Telegram-based RATs and tailored lures. #Thailand #WinRARFlaw #AmaranthDragon https://t.co/FzwMNSSX4L

    @TweetThreatNews

    6 Feb 2026

    147 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  50. #ThreatProtection Espionage activity in Southeast Asia is abusing WinRAR CVE-2025-8088 to deliver passworded archives, DLL-sideloaded loaders, and Havoc C2. Read more about our protections: https://t.co/DMuaVohpS1

    @threatintel

    6 Feb 2026

    1188 Impressions

    1 Retweet

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations