CVE-2025-8088

High CVSS 8.8

Overview

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.

CWE: CWE-35 Published: 2025-08-08T12:15:29.343

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.8 (HIGH)
Detected tags: path, rce (tag impact: VERY HIGH)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.
Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags