AI description
CVE-2025-8088 is a path traversal vulnerability affecting the Windows version of WinRAR. It allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild. It was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. The vulnerability was exploited in phishing attacks to deliver RomCom malware. The attackers can trick the program into saving a file in a different location than the user intended, such as the computer's Startup folder. This allows the attackers to execute their own code. WinRAR patched the vulnerability in version 7.13.
- Description
- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
- Source
- security@eset.com
- NVD status
- Analyzed
- Products
- winrar, dtsearch
CVSS 4.0
- Type
- Secondary
- Base score
- 8.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- RARLAB WinRAR Path Traversal Vulnerability
- Exploit added on
- Aug 12, 2025
- Exploit action due
- Sep 2, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- security@eset.com
- CWE-35
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
2
CVE-2025-8088 Exploitation Used to Deploy Amaranth Loader and Havoc Framework https://t.co/92MhHma8TK https://t.co/7gho8O4O4b
@secharvesterx
10 Feb 2026
912 Impressions
3 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 A new group, Amaranth-Dragon (probably linked to Chinese intelligence), is attacking strategic targets 🕵️‍♂️ Security researchers from Checkpoint Research have detected a new cyber-espionage campaign exploiting a vulnerability in WinRAR (CVE-2025-8088) 🎯 What does
@Sekurak
10 Feb 2026
7215 Impressions
7 Retweets
67 Likes
12 Bookmarks
5 Replies
0 Quotes
WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/9koQlS4I5L https://t.co/9svQGHHUaQ
@mayurk21
9 Feb 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-8088 : WINRAR PATH TRAVERSAL RCE VIA MALICIOUS ARCHIVE PARSING ALERT 🚨 WinRAR A critical unauthenticated remote code execution vulnerability exists in WinRAR, allowing attackers to achieve arbitrary file write and code execution by opening specially crafted
@OstorlabSec
9 Feb 2026
87 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/6cl3SJk3ur https://t.co/ABU9bl9PJU
@IdentityJason
9 Feb 2026
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia via @_CPResearch_ #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/ssuMENAuqN
@proficioinc
9 Feb 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent intrusion activity shows sustained exploitation of CVE-2025-8088 to deliver custom loaders and remote access tooling. The campaigns emphasize stealth, regional targeting, and low-noise persistence mechanisms. #threatintelligence #CyberSec https://t.co/6hrdyFEu0z
@LandscapeThreat
9 Feb 2026
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/cHy2SHrDF8 https://t.co/2LHO9iwd8m
@CloudVirtues
8 Feb 2026
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/zsM3zVSOHR https://t.co/GFPpozjbLT
@PhotoZel
7 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/ky5CznlGOl https://t.co/vkSc1tRgFy
@SirajD_Official
7 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WinRAR CVE-2025-8088 Drives Targeted Espionage in Southeast Asia https://t.co/46P6M9UzUH https://t.co/7ENql1JbjM
@scandaletti
6 Feb 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber-espionage group Amaranth-Dragon exploits WinRAR vulnerability CVE-2025-8088 to infiltrate Southeast Asian government networks. Stay vigilant! Link: https://t.co/sLv92Jgg26 #Cybersecurity #WinRAR #Amaranth #CVE #Hacking #Security #Threat #Malware #Exploitation #SpearPhishing
@dailytechonx
6 Feb 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-linked hacking group exploits vulnerability in the compression/extraction software WinRAR for cyberattacks (CVE-2025-8088) https://t.co/qmVilE0QeI
@cloudsec_news
6 Feb 2026
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In 2025, Amaranth-Dragon APT weaponized the popular WinRAR CVE-2025-8088 for targeted espionage across Southeast Asia. Custom loader, Telegram RAT, geofenced C2, and event-themed lures. https://t.co/K3lsesapnV
@MDST9999
6 Feb 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Threat][ASEAN]🟡Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Type: Targeted Date: 04 Feb 2026 Refer: https://t.co/R7s9ppWaMm #rectifyq #cti #threatintel #threatintelligence #malaysia #infosec
@_rectifyq
6 Feb 2026
94 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
#AmaranthDragon espionage campaign exploits #WinRAR CVE-2025-8088 to target gov and law enforcement in Southeast #Asia. Path traversal enables code execution and persistence via Startup folder, deploying Havoc C2 or TGAmaranth RAT. https://t.co/dXIejReLjB
@MeridianEU
6 Feb 2026
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WATCH OUT FOR WINRAR! An old critical flaw is still being massively exploited in 2026 If you use WinRAR to open .zip or .rar files, you ABSOLUTELY must check your version. A critical vulnerability (CVE-2025-8088), even though it was patched in July 2025,
@NEMBUTADIAKIESE
6 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2025-55182 3 - CVE-2025-6978 4 - CVE-2025-8088 5 - CVE-2025-62203 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Feb 2026
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Amaranth-Dragon exploited WinRAR flaw CVE-2025-8088 within 10 days to deploy malicious RAR archives targeting government and law enforcement in Southeast Asia, using Telegram-based RATs and tailored lures. #Thailand #WinRARFlaw #AmaranthDragon https://t.co/FzwMNSSX4L
@TweetThreatNews
6 Feb 2026
147 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
#ThreatProtection Espionage activity in Southeast Asia is abusing WinRAR CVE-2025-8088 to deliver passworded archives, DLL-sideloaded loaders, and Havoc C2. Read more about our protections: https://t.co/DMuaVohpS1
@threatintel
6 Feb 2026
1188 Impressions
1 Retweet
6 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Urgent!! The Amaranth Dragon group has been found using the CVE-2025-8088 vulnerability in targeted attacks against various organizations 🚨 Users and administrators
@ThaiCERTByNCSA
5 Feb 2026
70 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-linked hacking group exploits vulnerability in the compression/extraction software WinRAR for cyberattacks (CVE-2025-8088) https://t.co/vGSVoZLJUK #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
5 Feb 2026
250 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
Amaranth-Dragon exploits critical WinRAR flaw CVE-2025-8088 to gain persistent access in Southeast Asian government networks after CISA adds the bug to the KEV list. Patching urged. #APT https://t.co/rHDtC8xxwK
@threatcluster
5 Feb 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🇨🇳 New Chinese APT 'Amaranth-Dragon' targets Southeast Asian governments. Exploits WinRAR flaw CVE-2025-8088 for initial access. Uses custom 'TGAmaranth RAT' with Telegram for stealthy C2. 🐉 #APT #CyberEspionage #AmaranthDragon 🔗 https://t.co/kkLMegZqKA
@NetSecIO
5 Feb 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Amaranth Dragon (APT41) exploits WinRAR! Chinese group attacks Southeast Asian governments. CVE-2025-8088 used in espionage campaigns. Source: BleepingComputer https://t.co/IxZj0rWskP
@colapsodigital
5 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-linked Amaranth Dragon is exploiting a WinRAR flaw (CVE-2025-8088) in targeted espionage attacks on gov’t & law enforcement agencies. Patch WinRAR & monitor archives! https://t.co/plhzdVjJmX
@sctocs25
5 Feb 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WinRAR CVE-2025-8088 exploited in the wild to compromise Windows endpoints in targeted espionage campaigns Infosecurity Magazine reports active exploitation of the WinRAR path-traversal flaw (CVE-2025-8088) to gain initial access on Windows and deliver follow-on implants, wi
@ThreatSynop
5 Feb 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check Point | Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia https://t.co/Ts4TD047HJ
@StopMalvertisin
5 Feb 2026
205 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Amaranth-Dragon (APT41 nexus) weaponizes WinRAR CVE-2025-8088 to spy on Southeast Asian governments Security Affairs (citing Check Point) says the China-linked Amaranth-Dragon group rapidly exploited WinRAR path-traversal CVE-2025-8088 in 2025, using spear-phishing archives
@ThreatSynop
5 Feb 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #HighCompleteness Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia | 04-02-2026 Source: https://t.co/7Xluj5zLBW Key details below ↓ 🧑‍💻Actors/Campaigns: Amaranth-dragon (🧠motivation: cyber_espionage, cyber_crimina
@rst_cloud
5 Feb 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Amaranth-Dragon weaponizes WinRAR CVE-2025-8088 to plant Startup persistence and deploy Havoc C2 Amaranth-Dragon (linked to China’s APT41) abuses WinRAR path traversal (CVE-2025-8088) to drop scripts into the Windows Startup folder, then uses DLL sideloading to run “Amar
@ThreatSynop
5 Feb 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Amaranth-Dragon, linked to APT-41, launched targeted espionage in Southeast Asia exploiting CVE-2025-8088 via WinRAR, using custom loaders, encrypted payloads, and Telegram-based RATs against gov’t and law enforcement in Cambodia. #AmaranthDragon #Cambodia https://t.co/Ty8vVAMi
@TweetThreatNews
5 Feb 2026
153 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 𝐅𝐫𝐞𝐬𝐡 𝐂𝐕𝐄 𝐚𝐥𝐞𝐫𝐭 𝐣𝐮𝐬𝐭 𝐢𝐧! Amaranth Dragon targets WinRAR with CVE-2025-8088. Explore how this APT exploits file flaws and Telegram to evade detection and escalate attacks. 📖 Check the detailed report → https://t.c
@PurpleOps_io
5 Feb 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
China-linked Amaranth-Dragon exploits WinRAR vulnerability CVE-2025-8088 in targeted espionage campaigns against government and law enforcement agencies across Southeast Asia. #CyberSecurity #CVE20258088 #Infosec #ThreatIntel https://t.co/IAR4Mx4fvK
@Prevent_Cyber
5 Feb 2026
55 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Amaranth-Dragon weaponizes WinRAR CVE-2025-8088 to plant Startup persistence and deploy Havoc C2 Amaranth-Dragon (APT41-linked) is using WinRAR path traversal (CVE-2025-8088) to drop a malicious script into the Windows Startup folder for reboot persistence, then sideloading
@ThreatSynop
5 Feb 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Amaranth Dragon, linked to APT41, exploits WinRAR flaw CVE-2025-8088 to target Southeast Asian government and law enforcement using encrypted payloads and Cloudflare-backed C2 infrastructure. #AmaranthDragon #CVE2025-8088 #SoutheastAsia https://t.co/3YdGillpmu
@TweetThreatNews
5 Feb 2026
170 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Check Point Research linked Amaranth-Dragon to APT-41, revealing targeted 2025 campaigns against Southeast Asian governments using CVE-2025-8088, DLL sideloading, geo-restricted C2, and TGAmaranth RAT via Telegram. https://t.co/L5UeDvSDoC
@Cyber_O51NT
5 Feb 2026
1014 Impressions
6 Retweets
15 Likes
5 Bookmarks
0 Replies
0 Quotes
Less than 10 days after the WinRAR vulnerability (CVE-2025-8088) was disclosed, Amaranth-Dragon exploited it by using malicious RAR archives in its attacks, ultimately achieving code execution and persistence on victim systems https://t.co/H2f3Vij7qy
@ngnicky
4 Feb 2026
201 Impressions
2 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 The Silent Startup Sabotage: How #CVE-2025-8088 Turns WinRAR into a Hacker's Backdoor + Video https://t.co/FMtEAkdpwy Educational Purposes!
@UndercodeUpdate
4 Feb 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
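A new threat actor, "Amaranth Dragon", said to be linked to the China-based APT41, was exploiting a serious vulnerability in WinRAR to conduct espionage attacks targeting government and law enforcement agencies in Southeast Asia. According to Check Point's research, Amaranth Dragon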
@yousukezan
4 Feb 2026
1271 Impressions
2 Retweets
14 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Amaranth-Dragon (APT41 nexus) weaponizes WinRAR CVE-2025-8088 for geo-fenced espionage in Southeast Asia Check Point Research links Amaranth-Dragon to highly targeted 2025 espionage ops against Southeast Asian government and law-enforcement entities, rapidly weaponizing WinR
@ThreatSynop
4 Feb 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Amaranth Dragon (APT41-linked) weaponizes WinRAR CVE-2025-8088 to drop Havoc C2 and a Telegram RAT in Southeast Asia Check Point-linked reporting says the actor abused WinRAR path traversal (CVE-2025-8088) to plant a malicious startup script, then used DLL sideloading to
@ThreatSynop
4 Feb 2026
41 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 China-linked “Amaranth-Dragon” weaponizes WinRAR zero-day to deploy stealth espionage tooling across Southeast Asia Check Point ties Amaranth-Dragon (linked to the APT41 ecosystem) to tightly-scoped spear-phishing campaigns abusing WinRAR CVE-2025-8088 via malicious RAR
@ThreatSynop
4 Feb 2026
62 Impressions
2 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Amaranth Dragon exploits CVE-2025-8088 for targeted espionage in Southeast Asia Cyber Warfare, Amaranth Dragon, APT41, China, Havoc, TGAmaranth, WinRAR https://t.co/bVbKdC7WqK https://t.co/XXoPI0AMMZ
@matricedigitale
4 Feb 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New! 🐉 Amaranth Dragon, linked to APT41, targets gov/law enforcement using a WinRAR flaw (CVE-2025-8088). Details: https://t.co/iqvOlgoL0e #CyberEspionage #WinRAR #APT41 #CVE20258088
@0xT3chn0m4nc3r
4 Feb 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In 2025, Amaranth-Dragon APT weaponized the popular WinRAR CVE-2025-8088 for targeted espionage across Southeast Asia. Custom loader, Telegram RAT, geofenced C2, and event-themed lures. https://t.co/0niy3adjUm
@_CPResearch_
4 Feb 2026
9557 Impressions
34 Retweets
104 Likes
40 Bookmarks
0 Replies
4 Quotes
Amaranth Dragon: not a cool retro game boss, but a new threat weaponizing CVE-2025-8088! They're like digital ninjas, but less honorable. Learn how to dodge their shadowy moves. 🕵️‍♀️ #CyberSecurity #ThreatIntel #CVE https://t.co/sBdNLyenno
@zench4n
4 Feb 2026
67 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Amaranth Dragon, linked to APT41, exploits CVE-2025-8088 in WinRAR targeting government and law enforcement. The campaign underscores ongoing cyberespionage and the need for rapid patching and monitoring. Details: https://t.co/U7qb83EqQW
@trubetech
4 Feb 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🇨🇳 China-linked Amaranth-Dragon targeted Southeast Asian government and law enforcement networks in 2025, with links to the APT41 ecosystem. Campaigns leveraged political lures and the WinRAR CVE-2025-8088 RCE flaw, using cloud delivery and geo-fenced infrastructure for st
@TheHackersNews
4 Feb 2026
8810 Impressions
28 Retweets
66 Likes
12 Bookmarks
3 Replies
0 Quotes
'5_11_1_1055_03.02.2026.7z' is a RAR file with CVE-2025-8088 exploit, seen from Ukraine @abuse_ch https://t.co/UXeWY9dNjO @500mk500 https://t.co/E5ZIuvUEsq
@smica83
3 Feb 2026
498 Impressions
1 Retweet
6 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8DD81E1-8FF3-4597-A2EA-C71D3856103E",
            "versionEndExcluding": "7.13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3658938E-7249-4ADE-8DCF-7B69A80D9221",
            "versionEndExcluding": "2023.01"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]