Main Vulnerability Database Vulnerabilities #VU113784

Path traversal in WinRAR - CVE-2025-8088

Published: August 9, 2025 / Updated: May 15, 2026

Vulnerability identifier: #VU113784

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2025-8088

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: RARLAB

Affected software:
WinRAR

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences inside archives. A remote attacker can trick the victim into opening specially crafted archive and overwrite arbitrary files on the system, leading to remote code execution.

Note, the vulnerability is being actively exploited in the wild.

How to mitigate CVE-2025-8088

Install updates from vendor's website.

Sources

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5

Path traversal in WinRAR - CVE-2025-8088

Detailed vulnerability description

How to mitigate CVE-2025-8088

Sources

Please verify you're human