A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
References
| Link | Resource |
|---|---|
| https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 | Release Notes |
| https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/ | Press/Media Coverage |
| https://support.dtsearch.com/faq/dts0245.htm | Third Party Advisory |
| https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day | Third Party Advisory |
| https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo | Mitigation Third Party Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088 | US Government Resource |
| https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 | Press/Media Coverage |
History
30 Oct 2025, 15:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088 - US Government Resource |
21 Oct 2025, 23:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
21 Oct 2025, 20:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
21 Oct 2025, 19:21
| Type | Values Removed | Values Added |
|---|---|---|
| References | | |
16 Sep 2025, 13:53
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-08-08 12:15
Updated : 2025-10-30 15:50
NVD link : CVE-2025-8088
Mitre link : CVE-2025-8088
CVE.ORG link : CVE-2025-8088
CWE
CWE-35
Path Traversal: '.../...//'