CVE-2025-8088
Path traversal vulnerability in WinRAR
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
| CWE | CWE-35 |
| Vendor | win.rar gmbh |
| Product | winrar |
| Published | Aug 8, 2025 |
| Last Updated | Feb 26, 2026 |
Affected Versions
win.rar GmbH / WinRAR
0 ≤ 7.12
References
win-rar.com: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
welivesecurity.com: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088
vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo
support.dtsearch.com: https://support.dtsearch.com/faq/dts0245.htm
arstechnica.com: https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/