CVE-2025-8088: RARLAB WinRAR Path Traversal Vulnerability (Pentest Lab Guide)

CVE-2025-8088: Technical Deep-Dive (Auto Refreshed)

Generated on 2026-03-23T21:42:42.128Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).

Executive Technical Summary

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Context preserved from previous revision: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. Notes: 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Technical Details

CVE: CVE-2025-8088
KEV date added: 2025-08-12
KEV due date: 2025-09-02
NVD published: 2025-08-08
NVD modified: 2025-10-30
MITRE modified: 2026-02-26
CVSS base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS exploitability score: 2.8
CVSS impact score: 5.9
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality impact: High
Integrity impact: High
Availability impact: High

Versions and Products Impacted

rarlab / winrar (versions: < 7.13)
dtsearch / dtsearch (versions: < 2023.01)
win.rar GmbH / WinRAR (versions: 0)

Weakness Classification

CWE-35

Repositories for Lab Validation (Public Examples)

nomi-sec/PoC-in-GitHub | stars: 7594 | updated: 2026-03-23 | https://github.com/nomi-sec/PoC-in-GitHub
Notes: 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Tencent/AI-Infra-Guard | stars: 3297 | updated: 2026-03-23 | https://github.com/Tencent/AI-Infra-Guard
Notes: A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.
romanklis/openclaw-contained | stars: 22 | updated: 2026-03-23 | https://github.com/romanklis/openclaw-contained
Notes: TaskForge runs AI agents in sandboxed Docker containers with capability-based security. Agents start with minimal permissions and must request new capabilities (packages, network access, tools) through a human-in-the-loop approval process. Every approval triggers a container image rebuild, and every LLM interaction is logged for audit.
Markusino488/cve-2025-8088 | stars: 1 | updated: 2026-03-23 | https://github.com/Markusino488/cve-2025-8088
Notes: 🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders.

People and Organizations Mentioned

ESET
RARLAB
WinRAR
nomi-sec
Tencent
romanklis
Markusino488

Practical Defensive Validation (Authorized Only)

Use only isolated environments and systems you own or are explicitly authorized to test.
Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
Use rarlab / winrar (versions: < 7.13) in a sandbox and validate file-path normalization and denied-directory access telemetry.
Enforce least-privilege file permissions and disable unused file upload/download endpoints.
Detect anomalous reads in sensitive directories and unusual archive creation behavior.

References

This content is for defensive security training and authorized validation only.