CVE-2025-8088
RARLAB WinRAR Path Traversal Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: Yes
Decision
Descriptions
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.
CVSS Scores
SSVC
- Decision: Act
Timeline
- 2025-07-23 CVE Reserved
- 2025-08-08 CVE Published
- 2025-08-12 Exploited in Wild
- 2025-08-21 CVE Updated
- 2025-08-29 EPSS Updated
- 2025-09-02 KEV Due Date
- ---------- First Exploit
CWE
- CWE-35: Path Traversal: '.../...//'
CAPEC
- CAPEC-549: Local Execution of Code
References (1)
URL | Tag | Source |
---|---|---|
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 | | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Win.rar GmbH | WinRAR | <= 7.12 | en | Affected |