CVE-2025-8088
8.8
CVSS Score
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Software Configurations
- a rarlab winrar * * * * * * * *
- o microsoft windows - * * * * * * *
- a dtsearch dtsearch * * * * * * * *
Weaknesses (CWE)
- CWE-35
References & External Links
- https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
- https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
- https://support.dtsearch.com/faq/dts0245.htm
- https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
- https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088
- https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088