CVE-2025-8088
Published: 08 August 2025
Summary
CVE-2025-8088 is a high-severity Path Traversal: '.../...//' (CWE-35) vulnerability in Microsoft Windows. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 6.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Deeper analysis
A path traversal vulnerability tracked as CVE-2025-8088 affects the Windows version of WinRAR. The flaw, assigned CWE-35 and carrying a CVSS 4.0 score of 8.4, permits attackers to execute arbitrary code through specially crafted archive files. It was discovered by ESET researchers Anton Cherepanov, Peter Košinár, and Peter Strýček.
Attackers can exploit the issue by delivering malicious archives that abuse the path traversal condition, resulting in code execution on the victim system. The vulnerability has already been exploited in the wild by at least two groups, according to public reporting.
Official guidance appears in the WinRAR advisory at win-rar.com along with mitigation references that discuss software restriction policies and image file execution options. Additional technical write-ups from Vicarius outline detection and containment steps for affected environments. The EPSS score has remained steady at 0.1161 with no material upward movement after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23983
Vulnerability details
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
- CWE(s)
- KEV Date Added: 12 August 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal enables arbitrary code execution via crafted malicious WinRAR archives requiring user interaction to open, directly facilitating client-side exploitation (T1203) and malicious file execution (T1204.002).
Mitigating Controls (NIST 800-53 r5)
Requires timely patching of the WinRAR path traversal vulnerability to directly prevent arbitrary code execution from malicious archives.
Deploys malicious code protection mechanisms to scan and block crafted RAR archives exploiting the path traversal vulnerability at entry points.
Prohibits or controls user installation of vulnerable third-party software like WinRAR, preventing deployment of exploitable applications.