CVE-2025-8088

HIGH
2025-08-08 [email protected]
8.4
CVSS 4.0

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: A (Active)
Scope: X

Lifecycle Timeline

3
Analysis Generated: Mar 28, 2026 - 19:05 (vuln.today)
Added to CISA KEV: Oct 30, 2025 - 15:50 (cisa)
CVE Published: Aug 08, 2025 - 12:15 (nvd), HIGH 8.4

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Analysis

WinRAR for Windows contains a path traversal vulnerability allowing crafted archives to execute arbitrary code, discovered by ESET and exploited in the wild for targeted attacks.

Technical Context

The CWE-35 path traversal in WinRAR's archive extraction allows crafted archives to place files outside the intended extraction directory, including in executable locations.

Affected Products

WinRAR for Windows (affected versions)

Remediation

Update WinRAR immediately. Monitor for suspicious files in startup locations after archive extraction.

Priority Score

99
KEV: +50
EPSS: +6.8
CVSS: +42
POC: 0
