← Zuruck zu CVEs

CVE-2025-8088

HIGHCISA KEV

8.8

Beschreibung

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht8/8/2025

Zuletzt geandert10/30/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerRARLAB

ProduktWinRAR

SchwachstellennameRARLAB WinRAR Path Traversal Vulnerability

KEV Aufnahmedatum2025-08-12

Behebungsfrist2025-09-02

Ransomware-NutzungUnknown

Betroffene Produkte

dtsearch:dtsearchmicrosoft:windowsrarlab:winrar

Schwachen (CWE)

CWE-35

Referenzen

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5(security@eset.com)

https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/(af854a3a-2127-422b-91ae-364da2661108)

https://support.dtsearch.com/faq/dts0245.htm(af854a3a-2127-422b-91ae-364da2661108)

https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day(af854a3a-2127-422b-91ae-364da2661108)

https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.