CVE-2025-8088 | WinRar | PT
| Vulnerability | CVE-2025-8088 |
|---|---|
| Type | Path Traversal Vulnerability |
| Description | Path traversal vulnerability in WinRar prior 7.12 which affecting Windows platform. Other platforms such as Linux are not affected. Threat actors are exploiting this vulnerability in the wild and utilizing NTFS alternate data streams to hide malicious files that will be written during extraction. |
| The Impact of the Bug | The vulnerability enable the threat actors to write files in unintended paths during extraction. |
| How to detect if you have a vulnerable application to this attack vector? | - Check WinRar version installed - Monitor any incoming emails with RAR attachment that includes unusual path such as “\.\..\" - Monitor any file creation by WinRar in unusual path such as startup folders |
| References | - https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 - https://www.eset.com/us/about/newsroom/research/eset-research-russian-romcom-group-exploits-new-vulnerability-targets-companies-in-europe-and-canada/ - https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day |