← Voltar para CVEs

CVE-2025-8088

HIGHCISA KEV

8.8

Descricao

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado8/8/2025

Ultima modificacao10/30/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorRARLAB

ProdutoWinRAR

Nome da vulnerabilidadeRARLAB WinRAR Path Traversal Vulnerability

Data inclusao KEV2025-08-12

Prazo de remediacao2025-09-02

Uso em ransomwareUnknown

Produtos afetados

dtsearch:dtsearchmicrosoft:windowsrarlab:winrar

Fraquezas (CWE)

CWE-35

Referencias

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5(security@eset.com)

https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/(af854a3a-2127-422b-91ae-364da2661108)

https://support.dtsearch.com/faq/dts0245.htm(af854a3a-2127-422b-91ae-364da2661108)

https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day(af854a3a-2127-422b-91ae-364da2661108)

https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.