Unrated severityCISA KEVNVD Advisory· Published Aug 8, 2025· Updated Feb 26, 2026
Path traversal vulnerability in WinRAR
CVE-2025-8088
Description
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- win.rar GmbH/WinRARv5Range: 0
Patches
Vulnerability mechanics
References
1News mentions
19- Russia-Linked Turla Uses Compromised Infrastructure to Deploy STOCKSTAY in Ukraine OperationsCyber Security News · Jun 29, 2026
- Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service AbuseThe Hacker News · Jun 29, 2026
- Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian TargetsSecurityWeek · Jun 26, 2026
- Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage AttacksThe Hacker News · Jun 26, 2026
- Russia's Gamaredon Adapts Tactics to Target UkraineGovInfoSecurity · Jun 25, 2026
- Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliancesESET WeLiveSecurity · Jun 25, 2026
- The Latest Addition to Turla’s Intelligence Gathering ApparatusMandiant Threat Intelligence · Jun 25, 2026
- GhostShell Malware Uses mTLS Implant and Telegram Dead-Drop to Target Ukrainian Drone OperationsCyber Security News · Jun 24, 2026
- 15th June – Threat Intelligence ReportCheck Point Research · Jun 15, 2026
- WinRAR Vulnerability Exploited by Russian Hackers to Deploy GIFTEDCROOK StealerCyber Security News · Jun 15, 2026
- Russian Attackers Weaponize WinRAR Flaw Against Ukrainian OrgsDark Reading · Jun 9, 2026
- WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineThe Hacker News · Jun 9, 2026
- Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door OpenTrend Micro Research · Jun 8, 2026
- Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against UkraineThe Hacker News · Jun 2, 2026
- FSB Group Gamaredon Hides Worm in Windows Data StreamsInfosecurity Magazine · Jun 1, 2026
- Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial AccessCyber Security News · May 22, 2026
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt StrikeThe Hacker News · May 14, 2026
- Exploits and vulnerabilities in Q1 2026Securelist · May 7, 2026
- Ransomware Tactics, Techniques, and Procedures in a Shifting Threat LandscapeMandiant Threat Intelligence · Mar 16, 2026