Vulnerability Description
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rarlab | Winrar | < 7.13 |
| Microsoft | Windows | - |
| Dtsearch | Dtsearch | < 2023.01 |
Related Weaknesses (CWE)
References
- https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHasRelease Notes
- https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-foPress/Media Coverage
- https://support.dtsearch.com/faq/dts0245.htmThird Party Advisory
- https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-dayThird Party Advisory
- https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-usMitigationThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
- https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-aPress/Media Coverage
FAQ
What is CVE-2025-8088?
CVE-2025-8088 is a vulnerability with a CVSS score of 8.8 (HIGH). A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild ...
How severe is CVE-2025-8088?
CVE-2025-8088 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8088?
Check the references section above for vendor advisories and patch information. Affected products include: Rarlab Winrar, Microsoft Windows, Dtsearch Dtsearch.