⚠ Actively exploited

Added to CISA KEV on 2025-08-12. Federal agencies required to patch by 2025-09-02. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-8088 — Path Traversal: '.../...//' in Winrar

CWE-35 — Path Traversal: '.../...//'19 documents13 sources

Severity

8.4HIGHNVD

EPSS

8.2%

top 7.80%

CISA KEV

KEV

Added 2025-08-12

Due 2025-09-02

Exploit

No known exploits

Affected products

Dtsearch Rarlab Winrar Win.rar Gmbh Winrar

Timeline

PublishedAug 8

KEV addedAug 12

KEV dueSep 2

Latest updateFeb 4

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages3 packages

▶NVDrarlab/winrar< 7.13

▶CVEListV5win.rar_gmbh/winrar7.12

▶NVDdtsearch/dtsearch< 2023.01

🔴Vulnerability Details

CVEList

Path traversal vulnerability in WinRAR↗2025-08-08

▶

GHSA

GHSA-832g-3rcm-wcrf: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive fi↗2025-08-08

▶

VulnCheck

RARLAB WinRAR Path Traversal Vulnerability↗2025

▶

🔍Detection Rules

Suricata

ET EXPLOIT [CORELIGHT] RAR File ADS Path Traversal Inbound via HTTP (CVE-2025-8088)↗2025-08-11

▶

Suricata

ET EXPLOIT [CORELIGHT] RAR File ADS Path Traversal Inbound via raw tcp (CVE-2025-8088)↗2025-08-11

▶

Sigma

WinRAR Creating Files in Startup Locations↗

▶

📋Vendor Advisories

CISA

RARLAB WinRAR Path Traversal Vulnerability↗2025-08-12

▶

🕵️Threat Intelligence

Bleepingcomputer

New Amaranth Dragon cyberespionage group exploits WinRAR flaw↗2026-02-04

▶

Mandiant

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088↗2026-01-27

▶

Mandiant

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088↗2026-01-27

▶

Bleepingcomputer

WinRAR path traversal flaw still exploited by numerous hackers↗2026-01-27

▶

Securelist

Exploits and vulnerabilities in Q3 2025↗2025-12-03

▶