CVE-2025-8088

Summary

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Affected Software

VendorProductVersion RangeStatus
win.rar GmbHWinRAR0 <= 7.12affected

Weaknesses

  • CWE-35: CWE-35 Path traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References