Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

INFO

Published Date :

2025-08-08T11:11:41.842Z

Last Modified :

2026-02-26T17:49:47.133Z

Source :

ESET
AFFECTED PRODUCTS

The following products are affected by CVE-2025-8088 vulnerability.

Vendors Products
Dtsearch
  • Dtsearch
Microsoft
  • Windows
Rarlab
  • Winrar
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-8088.

URL Resource
https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/ cve-icon
https://support.dtsearch.com/faq/dts0245.htm cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088 cve-icon cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo cve-icon
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 cve-icon cve-icon
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact