Cyber Resilience

CVE-2025-8088

HighCISA KEVActive ExploitationEUVD Exploited

Published: 08 August 2025

Published
08 August 2025
Modified
30 October 2025
KEV Added
12 August 2025
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.1161 93.8th percentile
Risk Priority 44 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8088 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability in Microsoft Windows. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 6.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Deeper analysis

A path traversal vulnerability tracked as CVE-2025-8088 affects the Windows version of WinRAR. The flaw, assigned CWE-35 and carrying a CVSS 4.0 score of 8.4, permits attackers to execute arbitrary code through specially crafted archive files. It was discovered by ESET researchers Anton Cherepanov, Peter Košinár, and Peter Strýček.

Attackers can exploit the issue by delivering malicious archives that abuse the path traversal condition, resulting in code execution on the victim system. The vulnerability has already been exploited in the wild by at least two groups, according to public reporting.

Official guidance appears in the WinRAR advisory at win-rar.com along with mitigation references that discuss software restriction policies and image file execution options. Additional technical write-ups from Vicarius outline detection and containment steps for affected environments. The EPSS score has remained steady at 0.1161 with no material upward movement after disclosure.

EU & UK References

Vulnerability details

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček…

more

from ESET.

CWE(s)
KEV Date Added
12 August 2025

Related Threats

Threat-Actor AttributionAI

RomCom
ESET reports RomCom and at least one other group exploiting the WinRAR zero-day (CVE-2025-8088) in the wild.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Path traversal enables arbitrary code execution via crafted malicious WinRAR archives requiring user interaction to open, directly facilitating client-side exploitation (T1203) and malicious file execution (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34621Same product: Microsoft Windowsboth on KEV
CVE-2025-2783Same product: Microsoft Windowsboth on KEV
CVE-2026-21510Same vendor: Microsoftboth on KEV
CVE-2025-24993Same vendor: Microsoftboth on KEV
CVE-2026-21513Same vendor: Microsoftboth on KEV
CVE-2025-13223Same product: Microsoft Windowsboth on KEV
CVE-2026-5281Same product: Microsoft Windowsboth on KEV
CVE-2025-10585Same product: Microsoft Windowsboth on KEV
CVE-2026-3909Same product: Microsoft Windowsboth on KEV
CVE-2026-3910Same product: Microsoft Windowsboth on KEV

Affected Assets

rarlab
winrar
≤ 7.13
dtsearch
dtsearch
≤ 2023.01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely patching of the WinRAR path traversal vulnerability to directly prevent arbitrary code execution from malicious archives.

preventdetect

Deploys malicious code protection mechanisms to scan and block crafted RAR archives exploiting the path traversal vulnerability at entry points.

prevent

Prohibits or controls user installation of vulnerable third-party software like WinRAR, preventing deployment of exploitable applications.

References