🟢 CVE-2025-8088

CVE-2025-8088 is a path traversal vulnerability in WinRAR that allows arbitrary code execution through malicious archive files. This requires user interaction to open/extract crafted archives and is not directly exploitable over the internet against public-facing services.

โ† Back to Overview
Risk Level: LOW_RISK

CVSS Score: 8.4

Attack Vector: LOCAL

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-08-08

Added to CISA KEV: 2025-08-12 (4 days between CVE and KEV)

🎯 Recommendations:

๐Ÿ” Web Intelligence (Kagi ยท 2025-09-06)

Here's a breakdown of the CVE-2025-8088 vulnerability exploitation:

  • Affected Applications/Services:
      * The vulnerability affects the Windows version of WinRAR (versions up to 7.12) and related tools like UnRAR.dll [1][2].
  • Active Exploitation:
      * CVE-2025-8088 has been actively exploited as a zero-day vulnerability [3][4]. It was discovered in mid-July 2025 and has been exploited in the wild [5][6].
  • Attack Vectors and Exploitation Methods:
      * The primary attack vector involves social engineering and phishing attacks [7][4].
      * Attackers create specially crafted RAR archives that, when extracted, write malicious files to arbitrary locations on the system [8][9].
      * This path traversal vulnerability allows writing files to sensitive directories, including the Windows Startup folder, leading to arbitrary code execution [7][10].
      * The vulnerability can be exploited using NTFS Alternate Data Streams [11].
  • Targeted Attacks:
      * The Russian hacking group RomCom has exploited this vulnerability in targeted attacks [3][4].
      * These attacks have targeted financial, manufacturing, defense, and logistics companies in Europe and Canada [12][13].
  • CISA KEV Status:
      * CISA has added CVE-2025-8088 to its Known Exploited Vulnerabilities (KEV) catalog [14][15].
  • Technical Details/Internet Exploitability:
      * CVE-2025-8088 is a path traversal vulnerability [1][2].
      * It allows attackers to execute arbitrary code by crafting malicious archive files [9][16].
      * The vulnerability has a CVSS score of 8.4, indicating high risk [1][2].
      * Proof-of-concept (PoC) exploits are available [1][8].
      * Successful exploitation allows unauthorized attackers to copy malicious files into sensitive directories, such as the Windows Startup folder [7].

Sources

  1. GitHub - sxyrxyy/CVE-2025-8088-WinRAR-Proof...

    CVE-2025-8088 WinRAR Proof of Concept (PoC-Exploit). This repository contains a Proof of Concept (PoC) script for CVE-2025-8088, a path traversal vulnerability in WinRAR versions up to 7.12.

  2. Our Blog - Greenbone

    CVE-2025-8088 (CVSS 8.4) is a new high-risk path traversal vulnerability [CWE-35] in WinRAR versions 7.12 and below and related components including UnRAR.dll.

  3. Details emerge on WinRAR zero-day attacks that ... - BleepingComputer

    Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to ...

  4. WinRAR zero-day exploited to plant malware on archive extraction

    A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. These archives exploited the CVE-2025-8088 to deliver RomCom backdoors. RomCom is a Russia-aligned group."…

  5. A path traversal vulnerability affecting the Windows...

    Exploitability Metrics. Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the...