HIGH 8.8
KEV
CVE-2025-8088
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
8.3%
percentile 92.3%
CISA Known Exploited Vulnerability
- Added to KEV
- 2025-08-12
- Remediation deadline
- 2025-09-02
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware
- No
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| rarlab | winrar | Windows | <7.13 | cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* |