← Back to CVE List
CVE-2025-8088NVD
Vulnerability Summary
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.
from ESET.
CVSS v4.0 Base Metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
External References
- https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
- https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
- https://support.dtsearch.com/faq/dts0245.htm
- https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
- https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo
- https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088