CVE-2025-8088

Опубликовано: 08 авг. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Ссылки

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
Release Notes
https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/
Press/Media Coverage
https://support.dtsearch.com/faq/dts0245.htm
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-day
Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeo
Mitigation
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088
US Government Resource
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088
Press/Media Coverage

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*

Версия до 7.13 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:dtsearch:dtsearch:*:*:*:*:*:*:*:*

Версия до 2023.01 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03898

Низкий

8.8 High

CVSS3

Дефекты

CWE-35

Связанные уязвимости

GHSA-832g-3rcm-wcrf

CVSS3: 8.8

github

6 месяцев назад

BDU:2025-09597

CVSS3: 7.8

fstec