Unrated severityCISA KEVNVD Advisory· Published Aug 8, 2025· Updated Feb 26, 2026

Path traversal vulnerability in WinRAR

CVE-2025-8088

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Affected products

win.rar GmbH/WinRARv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.win-rar.com/singlenewsview.htmlmitre

News mentions

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Hacker News · May 14, 2026
Exploits and vulnerabilities in Q1 2026
Securelist · May 7, 2026

cvss	0.000
epss	0.006
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000