AI description
CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. A crafted archive can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder, which lets the attackers execute their own code. The vulnerability was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. It was exploited in the wild, in phishing attacks that delivered RomCom malware. WinRAR patched the vulnerability in version 7.13.
- Description
- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
- Source
- security@eset.com
- NVD status
- Analyzed
- Products
- winrar, dtsearch
CVSS 4.0
- Type
- Secondary
- Base score
- 8.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RARLAB WinRAR Path Traversal Vulnerability
- Exploit added on
- Aug 12, 2025
- Exploit action due
- Sep 2, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security@eset.com
- CWE-35
- Hype score
- Not currently trending
#APT #Sidewinder | #New #Variant | Targets #Pakistan Initial Dropper -> WinRAR ADS traversal vulnerabilities (CVE-2025-6218 & CVE-2025-8088) Decoy https://epms[.]ppra[.]gov[.]pk/public/tenders/invoice/TS0000000101E C2: docs.files-windows[.]top/j658K @500mk500 @MichalKo
@volrant136
14 May 2026
1176 Impressions
6 Retweets
16 Likes
6 Bookmarks
1 Reply
0 Quotes
Gamaredon, also known as Aqua Blizzard, Primitive Bear, Shuckworm or UAC-0010, has been exploiting CVE-2025-8088 to target Ukrainian organizations. Harfang Lab https://t.co/j5DK8LoyBv @harfanglab
@780thC
13 May 2026
1587 Impressions
12 Retweets
28 Likes
5 Bookmarks
0 Replies
0 Quotes
Russian 🇷🇺 Gamaredon continues targeting Ukrainian 🇺🇦 state institutions via spearphishing campaign exploiting CVE-2025-8088. Multi-stage VBScript downloaders profile infected systems through GammaDrop and GammaLoad tools. #DFIR_Radar https://t.co/2i3muAK5Jt
@DFIR_Radar
13 May 2026
280 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
0 Quotes
'Scan_1_17_1_1950_04.05.2026.rar' seen from Ukraine @abuse_ch CVE-2025-8088 https://t.co/vbb7VmNwMg @500mk500 https://t.co/g3FFkI2TeF
@smica83
4 May 2026
326 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
WinRAR 7.21 fixes an archive-corruption bug introduced in 7.20 and is a reminder that each update still has to be downloaded manually. Ten months after the patch, the CVE-2025-8088 flaw is still being exploited. https://t.co/zcmzYqhi1n
@Clubic
4 May 2026
724 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A tool most people trust without thinking twice. CVE-2025-8088 shows why that matters. OPSWAT Unit 515 traced the full extraction workflow in WinRAR to show how attacker-controlled content can land outside the intended directory entirely. Read the blog. https://t.co/LcgSW7uATk
@OPSWAT
20 Apr 2026
151 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
'Archive.rar' seen from Russia @abuse_ch https://t.co/wAkufq5cpv CVE-2025-8088 exploit. @500mk500 https://t.co/Q6kmZ7LMjV
@smica83
16 Apr 2026
437 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
'Scan_4_15_6_1387_14.04.2026.rar' seen from Ukraine @abuse_ch https://t.co/C83Mitf3Qu CVE-2025-8088 exploit. @500mk500 https://t.co/RrQGKrW0LO
@smica83
15 Apr 2026
349 Impressions
2 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
'service global-e com_orders_2026.rar' seen from Turkey @abuse_ch https://t.co/0fFrvVzsXD CVE-2025-8088 exploit https://t.co/MKnJZYH1aq
@smica83
14 Apr 2026
286 Impressions
0 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
'Scan_3_12_5_1759_10.04.2026.rar' seen from Ukraine @abuse_ch CVE-2025-8088 exploit. https://t.co/GYvyvlBDj1 https://t.co/mAQyvlwDfm
@smica83
13 Apr 2026
825 Impressions
3 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
Robin Dost analyses a UAC-0226 sample, identifying it as a GIFTEDCROOK stealer variant. The chain starts with CVE-2025-6218 & CVE-2025-8088; a LNK launches a payload that decodes a binary, uses chunked data exfiltration & reconstructs its C2 at runtime. https://t.co/aYxPm
@virusbtn
10 Apr 2026
818 Impressions
1 Retweet
7 Likes
2 Bookmarks
0 Replies
0 Quotes
Scan attachment campaign from Ukraine with many different RAR archive variants as CVE-2025-8088 exploit @abuse_ch 'Scan_5_18_4_1202_09.04.2026.rar' https://t.co/4ca4PGj7bA Uploads are coming from Ukraine and Denmark. @500mk500 @_CERT_UA https://t.co/hNMKtPMIip
@smica83
9 Apr 2026
416 Impressions
2 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
Відомості з реєстру військовозобов'язаних про працівників №20260409-7496423-1.rar (MD5:2af0a6135df3502a7f6de4d2de6db73b) uploaded from #UKRAINE, #exploit CVE-2025-8088 💩 @smica83 @polygonben https://t.co/M03SGaNx5O
@goldenjackel12
9 Apr 2026
548 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
1 Quote
'service global-e com_orders_2026.rar' @abuse_ch https://t.co/NbFz9a4Lsd CVE-2025-8088 https://t.co/lwqgGadnqr
@smica83
8 Apr 2026
428 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
'service global-e com_orders_2026.rar' @abuse_ch https://t.co/NbFz9a4Lsd CVE-2025-8088
@smica83
8 Apr 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'service global-e com_orders_2026.rar' as a possible #RomCom sample @abuse_ch https://t.co/NbFz9a4Lsd CVE-2025-8088 https://t.co/Nx8y0KvZA3
@smica83
8 Apr 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8088 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár. #vuln
@KlinkWow769
8 Apr 2026
174 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2022-40769 2 - CVE-2025-5777 3 - CVE-2025-8088 4 - CVE-2023-41064 5 - CVE-2026-21643 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
5 Apr 2026
256 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
'fiyat teklifi.rar' seen from Germany as a CVE-2025-8088 exploit @abuse_ch https://t.co/LkMz5IGU9q https://t.co/z5V0Ee3uHG
@smica83
4 Apr 2026
485 Impressions
0 Retweets
3 Likes
2 Bookmarks
1 Reply
0 Quotes
'Виконавчий_лист_2_13_1_1956_02.03.2026.rar' seen from Ukraine @abuse_ch https://t.co/zDDmZktgqn CVE-2025-8088 exploit @500mk500 https://t.co/TJMvEGxkRq
@smica83
4 Apr 2026
406 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-8088 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. GitHub Link: https://t.co/FFYhFRZZb6 #infosec #Hacking #infosecurity #Malware #bugbountytips #CTF #BugBou
@Sadishyt
31 Mar 2026
140 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
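https://t.co/HskaEgGC2B Google reports that Chinese- and Russian-linked hackers are still exploiting the WinRAR vulnerability CVE-2025-8088. Because there is no auto-update feature, a manual update to v7.13 is required. WinRAR users, please check. #セキ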
@Anti_Ch_PCgc
29 Mar 2026
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
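https://t.co/HskaEgGC2B The Chinese-linked group "Amaranth-Dragon" is exploiting the WinRAR vulnerability CVE-2025-8088. Because there is no auto-update feature, a manual update to 7.13 or later is required. If you use WinRAR, please check. #セキュリテ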
@Anti_Ch_PCgc
27 Mar 2026
145 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
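[China and Russia exploit the same vulnerability in the same period, making the acceleration of zero-day use apparent] According to analysis, Chinese and Russian actors were confirmed to have exploited the same WinRAR vulnerability (CVE-2025-8088) during the same period.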
@01ra66it
22 Mar 2026
377 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Chinese-linked hacking group exploits a vulnerability in the compression/extraction software WinRAR for cyberattacks (CVE-2025-8088) Security News https://t.co/Hi7yFVnYDd Posted: February 6, 2026 Updated: February 6, 2026
@tpmbiosfidorss
20 Mar 2026
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert – CVE-2025-8088 (WinRAR Directory Traversal RCE) 📅 Date: September 2, 2025 🔎 Severity: Critical ⚠️ Affected: WinRAR versions earlier than 7.13 📚 Exploit Github: https://t.co/HZE0VKeqeN https://t.co/LRLlseYvum
@Hexsecteam
19 Mar 2026
146 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
'Судова_повістка_2_17_8_1906_18.03.2026.rar' seen from Poland @abuse_ch https://t.co/pg4RSPYtKP CVE-2025-8088 https://t.co/fbWI2lXqjp
@smica83
19 Mar 2026
252 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Vulnerability CVE-2025-8088 identified in #WinRAR. Attackers could take full control of your PC. 📞 55 2155 9757 ✉️ contacto@becc.com.mx #Hacking 📧 https://t.co/2C0kmrIAZv
@Becc_of
18 Mar 2026
88 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability CVE-2025-8088 identified in #WinRAR. Attackers could take full control of your PC. 💻🚨 Don't put your information at risk. Stay informed and protected with Barbeyto's News. Cybersecurity consulting: 📞 55 2155 9757 📧 contacto@becc.com.
@Becc_of
18 Mar 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'Відомості з реєстру військовозобов'язаних про працівників №20260316-9055897-1.rar' seen from Ukraine @abuse_ch https://t.co/zWSF4Y3wr7 CVE-2025-8088 @500mk500
@smica83
17 Mar 2026
542 Impressions
1 Retweet
7 Likes
1 Bookmark
0 Replies
0 Quotes
'Запит_3_12_4_1480_13.03.2026.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/CFOosUJMlO @500mk500 https://t.co/L3sbi6EmPN
@smica83
16 Mar 2026
535 Impressions
2 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
Malicious HTML attachment seen from Ukraine @abuse_ch https://t.co/yuqtbTFtvk URL: hxxp://212.193.20(.)110/AkkUa-10-03 (Latvia) Drops this CVE-2025-8088 exploit: https://t.co/k39CqAoqC1 @500mk500 https://t.co/7GrWPxGWhX
@smica83
10 Mar 2026
531 Impressions
3 Retweets
8 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-8088 exploit seen from Cambodia @abuse_ch https://t.co/LCPsKDIXeq https://t.co/ko51DW6wgu
@smica83
9 Mar 2026
736 Impressions
1 Retweet
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Millions at risk, WinRAR flaw still under attack: Alarm in the archives, the WinRAR flaw is alive and well. Google reports that CVE-2025-8088, the same one we wrote about in August… https://t.co/EG22HtNJDZ #WinRAR #bezpieczeństwo #cyberatak #lukaBezpiecz
@MetaPlayZone
7 Mar 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'Рота забезпечення.rar' seen from Ukraine @abuse_ch https://t.co/P1E8o6WncE CVE-2025-8088 and 6218 exploit. @500mk500 https://t.co/qj9yD5QYS1
@smica83
5 Mar 2026
346 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
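The Chinese APT group Amaranth-Dragon exploited the CVE-2025-8088 vulnerability, launching attacks within 8 days and targeting government agencies and law-enforcement units in 6 Southeast Asian countries; its operations overlap heavily with APT41. ref: https://t.co/jIKTonZXHs @PTTNetSecurity @cheng527 @Military_idv_tw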
@lfcba8178
4 Mar 2026
122 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
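A Chinese-linked threat group exploited the WinRAR vulnerability (CVE-2025-8088) to carry out attacks targeting Southeast Asian government and law-enforcement agencies. Campaign activity associated with APT. #APT #WeaponizedCVE https://t.co/sJcZfKeQsw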
@01ra66it
3 Mar 2026
354 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
RAR file named 'Лист_1_16_2_1062_02.03.2026.7z' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/6cLBq37Cvm @500mk500 https://t.co/dEQp4dUVM8
@smica83
2 Mar 2026
306 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-8088 and 6218 exploit with the name 'dfgh.rar' @abuse_ch Seen from Romania @ciprian2florea https://t.co/uRqK9IyhLH @skocherhan https://t.co/65AtNwONhz
@smica83
2 Mar 2026
716 Impressions
3 Retweets
6 Likes
3 Bookmarks
0 Replies
1 Quote
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 https://t.co/2bh24IzqGM #cyber #threathunting #infosec
@blueteamsec1
27 Feb 2026
381 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
'Лист_3_13_3_1860_26.02.2026.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/PQbqtUJTFt @500mk500 https://t.co/zbZ2breKZd
@smica83
26 Feb 2026
314 Impressions
1 Retweet
7 Likes
1 Bookmark
1 Reply
0 Quotes
'opendoc_60.rar' seen from Ukraine as a CVE-2025-8088 exploit @abuse_ch https://t.co/YzD8mizvXj @500mk500 https://t.co/CKa5YNQnFk
@smica83
23 Feb 2026
277 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
#pruva latest run now on windows thanks to @daytonaio windows sandboxes support. Reproduced the WinRAR ADS Path Traversal — Arbitrary Code Execution via Crafted Archive (CVE-2025-8088) Full self contained script that - install winrar - grabs a public PoC and validate it - r
@N3mes1s
17 Feb 2026
1564 Impressions
3 Retweets
14 Likes
8 Bookmarks
1 Reply
0 Quotes
'2_19_7_1105_17.02.2026.xhtml' seen from Ukraine @abuse_ch https://t.co/LUPPPcyHOr Drops the usual CVE-2025-8088 exploit: '2_19_7_1105_17.02.2026.rar' https://t.co/0wyEijjIQ0 Detection said it's #RomCom Really? @500mk500 https://t.co/kGiMR9da5Q
@smica83
17 Feb 2026
275 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
#threatreport #LowCompleteness Stairwell detects widespread exposure to critical WinRAR vulnerability across customer environments | 03-02-2026 Source: https://t.co/rnu8gKlrNV Key details below ↓ 🎯Victims: Enterprise environments, Developer environments 🔓CVEs: CVE-2025-
@rst_cloud
17 Feb 2026
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber threat alert! Critical vulnerability in WinRAR (CVE-2025-8088) https://t.co/VIHD1Bn9UY
@LED_MOJ
17 Feb 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
'1_12_3_1363_12.02.2026.rar' seen from Ukraine @abuse_ch https://t.co/vcMXxUbHO9 CVE-2025-8088 @500mk500 https://t.co/zcJ4KwxHXJ
@smica83
16 Feb 2026
188 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
'Dogovor.rar' seen from Ukraine @abuse_ch https://t.co/iLPdIbx85Z CVE-2025-8088, CVE-2025-6218 @500mk500 https://t.co/lBnDjzViPj
@smica83
16 Feb 2026
174 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 NEW: RomCom & Paper Werewolf Exploiting WinRAR CVE-2025-8088 Zero-Day via ADS Path Traversal • 29 IOCs • 23 MITRE ATT&CK techniques • 9 detection rules (SPL/KQL/Sigma) https://t.co/ZUvO3Y3XcE
@threadlinqs
16 Feb 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
'база данных.rar' as a CVE-2025-8088 exploit, seen from Ukraine @abuse_ch https://t.co/nA2In6emsW @500mk500 https://t.co/asGrPI64uZ
@smica83
14 Feb 2026
469 Impressions
1 Retweet
4 Likes
1 Bookmark
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F8DD81E1-8FF3-4597-A2EA-C71D3856103E",
            "versionEndExcluding": "7.13",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3658938E-7249-4ADE-8DCF-7B69A80D9221",
            "versionEndExcluding": "2023.01",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]