CVE-2025-8088

Published Aug 8, 2025

Last updated 10 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. By crafting a malicious archive file, an attacker can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder, and in this way execute arbitrary code. The vulnerability was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. It was exploited in the wild, in phishing attacks that delivered RomCom malware. WinRAR patched the vulnerability in version 7.13.

Description
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Source: security@eset.com
NVD status: Analyzed
Products: winrar, dtsearch

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.4
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: RARLAB WinRAR Path Traversal Vulnerability
Exploit added on: Aug 12, 2025
Exploit action due: Sep 2, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@eset.com: CWE-35

Social media

Hype score: Not currently trending
  1. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    24 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. WinRAR Zero-Day Actively Exploited — CVE-2025-8088 https://t.co/akUD1rwdxF https://t.co/lvyYH5k0Hr

    @Delana_Tech_Llc

    19 Sept 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ESET researchers report that the vulnerability, designated CVE-2025-8088, is being actively exploited by the Russian-linked RomCom group. The described vulnerability was patched in WinRAR version 7.13 and only affects Windows systems. https://t.co/gUM90nbexU

    @rootzona

    17 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    17 Sept 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. ⚠️ WinRAR under attack. A zero-day (CVE-2025-8088) has been discovered that allows malware hidden in RAR files to be executed. 🔐 Update to version 7.13 right away. 👉 Details: https://t.co/lORk601tDk #WinRAR #CyberAttack #ZeroDay #Cybersecurity https://t.co/15ky8LuHzx

    @coondivido

    16 Sept 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    16 Sept 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. In August 2025, Recorded Future's Insikt Group identified 18 high-impact vulnerabilities, down from 22 in July, with Citrix and D-Link flaws dominating; 16 remain Very Critical, including CVE-2025-8088 exploited by the RomCom group. #CyberSecurity https://t.co/HKA23L0Akn

    @Cyber_O51NT

    16 Sept 2025

    570 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. CISA Added WinRAR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild https://t.co/qYKckuR2e8

    @ByteCheck101

    15 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    15 Sept 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. ⚠️ New WinRAR vuln (CVE-2025-8088) exploited by Russia-linked RomCom group → silent backdoors across companies. Patch fast or pay later. Is your patching strategy protection—or compliance theater? https://t.co/mdVD2iTS3E #ZeroDay #CyberInsurance #RiskManagement http

    @MNovofastovsky

    11 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-8088 RARLAB WinRAR Path Traversal Vulnerability: RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

    @ZeroDayFacts

    10 Sept 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A critical WinRAR flaw (CVE-2025-8088) is being actively exploited & is listed in the CISA KEV Catalog. With @Qualys TruRisk™ Eliminate, organizations can patch, remediate, mitigate - or uninstall vulnerable versions, all from one platform. Read more: https://t.co/ev2Px2e3A

    @qualys

    8 Sept 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-6218 and CVE-2025-8088 are two critical zero-day vulnerabilities affecting WinRAR. Learn everything about them in our latest Issue. Read it now on ZINIO. https://t.co/KWAzT5ZNrm #cybersecurity #cybersec #infosec #pentesting #cve-2025-6218 #CVE-2025-8088 #WinRAR-0-day

    @Hackercool_mag

    7 Sept 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Eliminate WinRAR CVE-2025-8088 with TruRisk Eliminate | Qualys https://t.co/beC6aDifEN

    @PVynckier

    7 Sept 2025

    130 Impressions

    4 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    5 Sept 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. 💀 CVE-2025-8088: WinRAR ‘ExtractFile()’ path traversal bug allows evil .rar to drop payload in Startup → full RCE. PoC: evil.rar → ../../../../Start Menu/Programs/Startup/evil.bat Fix & details: https://t.co/tYXSezqIAg #Infosec #WinRAR #CVE2025 #BugBounty

    @NullSecurityX

    3 Sept 2025

    7183 Impressions

    16 Retweets

    76 Likes

    36 Bookmarks

    0 Replies

    1 Quote

  17. 🚨 CVE-2025-8088 – WinRAR Directory Traversal RCE Malicious .rar archives can drop files into Startup folders → Remote Code Execution. Critical vulnerability. Read the full breakdown 👇 https://t.co/tYXSezqIAg #CVE20258088 #WinRAR #BugBounty #CyberSecurity

    @NullSecurityX

    2 Sept 2025

    771 Impressions

    3 Retweets

    26 Likes

    12 Bookmarks

    1 Reply

    1 Quote

  18. 🚨 WinRAR CVE-2025-8088: The invisible persistence SOCs can’t afford to miss Attackers are abusing Alternate Data Streams (ADS) to perform path traversal during archive extraction. By appending colon symbol (:) in file names, they sneak hidden objects into system folders ht

    @anyrun_app

    1 Sept 2025

    11910 Impressions

    50 Retweets

    153 Likes

    91 Bookmarks

    0 Replies

    2 Quotes

  19. RomCom exploits CVE-2025-8088: phish RAR → Startup-folder persistence → C2 exfil. Patch WinRAR 7.13+. 📦 Read & subscribe: https://t.co/Ne0nPQxDB0 #AlphaHunt #CyberSecurity #WinRAR

    @alphahunt_io

    29 Aug 2025

    41 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ⚠️ New WinRAR Zero-Day Vulnerability (CVE-2025-8088) Found! https://t.co/ijG52qKJhv In my latest blog, I break down: ✅ How the vulnerability works ✅ Who’s being targeted ✅ How to stay protected with the latest update https://t.co/plL38Qi680

    @umidcybers

    27 Aug 2025

    118 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. New #ZeroDay alert: CVE-2025-8088 in WinRAR is being actively exploited. Hackers are hiding malware in RAR job apps → dropping DLLs + shortcuts for persistence. 🛡️ Patch to WinRAR 7.13+ now. Don’t let RomCom actors turn your inbox into their backdoor. #CyberSecurity ht

    @intxorg

    27 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Update WinRAR NOW! ESET found CVE-2025-8088 actively exploited by RomCom APT group. Weaponized RAR files → hidden DLL/LNK payloads → financial, defense, and logistics targets hit. Patch released July 30, 2025 → WinRAR 7.13 Stay safe, upgrade ASAP. #CyberSecurity #Infos

    @0xOverclock

    27 Aug 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. WinRAR zero-day (CVE-2025-8088) now weaponized by RomCom & Paper Werewolf. Malicious .rar drops backdoors into Startup folders—no user suspicion required. Patch to v7.13 ASAP. Read details here: https://t.co/MCs83gBLmP #ZeroDay

    @securitydailyr

    26 Aug 2025

    12 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  24. WinRAR users beware: two critical vulnerabilities, CVE-2025-6218 and CVE-2025-8088, allow attackers to write files outside intended extraction directories, leading to persistent infections and remote code execution in enterprise environments. CVE-2025-6218 is a traditional

    @Tudorel92659164

    26 Aug 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Video showcase of the recent WinRAR 0-day, CVE-2025-8088, uncovered by ESET after threat actor RomCom exploited it in the wild leveraging alternate data streams & path traversal on Windows -- we examine the uncovered RAR file and a proof-of-concept demo! https://t.co/38pMK6rl

    @_JohnHammond

    26 Aug 2025

    40047 Impressions

    66 Retweets

    303 Likes

    158 Bookmarks

    7 Replies

    4 Quotes

  26. Two high-severity vulnerabilities in WinRAR (CVE-2025-6218 & CVE-2025-8088) allow attackers to exploit path traversal and NTFS ADS for stealthy persistence and RCE, with active exploitation observed by threat actors like RomCom. #CyberSecurity #WinRAR https://t.co/iux0iDWr2U

    @Cyber_O51NT

    26 Aug 2025

    240 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    24 Aug 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. 🚨ALERT Cybersecurity: Threat actor group Paper Werewolf is exploiting a WinRAR zero-day vulnerability (CVE-2025-8088). They bypass email security to deliver malware directly to targets. Users are urged to update to WinRAR version 7.13 to mitigate risks. https://t.co/x3FwAHqnCC

    @The_SentinelX

    21 Aug 2025

    70 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    20 Aug 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    19 Aug 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. WinRAR has been hit by a new exploit linked to the Russian hackers RomCom. The CVE-2025-8088 flaw can plant backdoor malware via archive files. It has been patched in version 7.13, but you have to update manually yourself because WinRAR has no auto-update. Source: Tom's Hardware #arxidmedia https://t.co/LV4

    @arxidmedia

    19 Aug 2025

    76 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. CVE-2025-8088 RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

    @ZeroDayFacts

    18 Aug 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. csirt_it: La Settimana Cibernetica for 17 August 2025 🔹 updates for multiple products 🔹 Veeam: public PoC for the exploitation of CVE-2024-29853 🔹 Exploitation in the wild detected for CVE-2025-8088 affecting WinRAR ⚠️ #EPSS 🔗 … https://t.co/62q

    @Vulcanux_

    18 Aug 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. La Settimana Cibernetica for 17 August 2025 🔹 updates for multiple products 🔹 Veeam: public PoC for the exploitation of CVE-2024-29853 🔹 Exploitation in the wild detected for CVE-2025-8088 affecting WinRAR ⚠️ #EPSS 🔗 https://t.co/w0xyH7g4I4 https:

    @csirt_it

    18 Aug 2025

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Top 5 Trending CVEs: 1 - CVE-2025-32778 2 - CVE-2025-8875 3 - CVE-2025-8088 4 - CVE-2025-52970 5 - CVE-2025-26633 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    18 Aug 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨 Critical zero-day vulnerability in WinRAR (CVE-2025-8088) actively exploited. ⚠️ High risk of remote code execution via RAR files. ✅ Update NOW to WinRAR 7.13. More info in our post: https://t.co/i8JopXRisr /Keep IT simple #Ciberseguretat #WinRAR #Zero

    @Infordisa

    18 Aug 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. ⚠️ A WinRAR zero-day (CVE-2025-8088) was exploited to spread RomCom malware via phishing. The flaw is patched in v7.13—but with no auto-update, users must act fast. Update now to stay protected! #CyberSecurity #ZeroDay #WinRAR #RomCom #Malware #Phishing #CVE20258088 #Info

    @allendevaux

    17 Aug 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Be careful about downloading .rar files from unknown sources; to mitigate, update to the latest version of WinRAR, 7.13+ 👇 NVD - CVE-2025-8088 https://t.co/jX4Jg4otYR Consider Linux, Chrome OS or Apple for greater security. 🧑‍💻

    @miguelurdanetag

    17 Aug 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    17 Aug 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. CISA adds 3 known exploited vulnerabilities to its catalog CISA Adds Three Known Exploited Vulnerabilities to Catalog #CISA (Aug 12) CVE-2013-3893 Microsoft Internet Explorer resource management error vulnerability CVE-2007-0671 Microsoft Office Excel remo

    @foxbook

    17 Aug 2025

    426 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. New WinRAR Flaw CVE-2025-8088 Exploited in Social Engineering Attacks - Greenbone https://t.co/KUcsB80Txq

    @samilaiho

    16 Aug 2025

    588 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    2 Replies

    0 Quotes

  42. 🔥 The team is cooking New Alert: WinRAR Zero-Day Path Traversal Vulnerability CVE-2025-8088 is a WinRAR zero-day path traversal flaw in Windows versions, allowing attackers to execute arbitrary code by crafting malicious archives that place files in unauthorized locations, h

    @LetsDefendIO

    16 Aug 2025

    5362 Impressions

    17 Retweets

    114 Likes

    24 Bookmarks

    1 Reply

    0 Quotes

  43. A critical flaw (CVE-2025-8088) allows malware execution for WinRAR users. Check your version and update! https://t.co/KrszrVgfwH #winrar #cybersécurité https://t.co/3BoRMTzMX3

    @ArkTech_News

    16 Aug 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Actively exploited CVE : CVE-2025-8088

    @transilienceai

    16 Aug 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  45. The CVE-2025-8088 vulnerability in WinRAR has to be taken seriously when opening files from unknown sources. The malware, without the user noticing, after a restart or turning the machine off and on

    @sabber_dev

    16 Aug 2025

    4065 Impressions

    11 Retweets

    120 Likes

    14 Bookmarks

    2 Replies

    0 Quotes

  46. Be careful when opening RAR files from unknown sources, especially in Telegram groups or cybercrime forums, because they are going all out with this vulnerability. The CVE-2025-8088 vulnerability in WinRAR (up to version 7.12) allows a malicious RAR file

    @ivancastl

    15 Aug 2025

    43858 Impressions

    272 Retweets

    922 Likes

    535 Bookmarks

    15 Replies

    7 Quotes

  47. Non-patch workaround for CVE-2025-8088. And they say magic isn't real 🪄 https://t.co/7UEITB20wA

    @vicariusltd

    15 Aug 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. WinRAR vulnerability CVE-2025-8088: update now and avoid a serious attack. How do you protect your PC? Worth discussing: comment, share or read the instructions. #segurança #WinRAR https://t.co/9G6La51jix

    @renda_Geek

    15 Aug 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. We've released Beyond Compare 5.1.3.31238. Updated UnRAR to fix another directory traversal vulnerability (CVE-2025-8088). General stability improvements and enhancements.

    @ScooterSoftware

    15 Aug 2025

    330 Impressions

    2 Retweets

    12 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. A newly discovered WinRAR bug (CVE-2025-8088) lets hackers plant malware on Windows PCs via malicious archives. Exploited by multiple threat groups, it has hit finance, defense, manufacturing and logistics sectors. We're surprised if you still use WinRAR, but update if you do.

    @MindfulTechLLC

    15 Aug 2025

    66 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations