CVE-2025-8088
high-risk
Published 2025-08-08
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Do I need to act?
~
7.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
References (7)
Press/Media Coverage
https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-fo...
Third Party Advisory
https://support.dtsearch.com/faq/dts0245.htm
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
Press/Media Coverage
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-a...
53
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
16/34 · Moderate
Exposure
7/34 · Low