Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Published

2025-08-08T12:15:29.343

Last Modified

2025-08-21T14:12:28.970

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-35

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rarlab	winrar	< 7.13	Yes
Operating System	microsoft	windows	-	No
Application	dtsearch	dtsearch	< 2023.01	Yes
Operating System	microsoft	windows	-	No

References

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 Release Notes ([email protected])
https://support.dtsearch.com/faq/dts0245.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088 Press/Media Coverage (134c704f-9b21-4f2e-91b3-4a467353bcc0)