PT-2025-32352 · Rarlab+1 · Winrar

Anton Cherepanov +2 · Published 2025-07-30 · Updated 2026-05-28 · CVE-2025-8088

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 7.13

Description

A path traversal issue exists in the Windows version of WinRAR due to improper limitation of a pathname to a restricted directory. The archive parser fails to sanitize directory traversal sequences in archive entries, allowing attackers to use Alternate Data Streams (ADS) to write files outside the intended extraction path. By crafting malicious archive files, an attacker can achieve arbitrary file write with the privileges of the WinRAR process, often placing malicious payloads in the Windows Startup folder to ensure persistence or hijacking DLLs and overwriting batch files. This flaw allows for remote code execution when a user opens a specially crafted archive. The issue has been exploited in the wild by various state-sponsored groups, including those from Russia and China, as well as financially motivated cybercriminals, targeting government, military, and technology sectors in regions such as Southeast Asia and Ukraine.

Recommendations

Update WinRAR to version 7.13 or later. As a temporary workaround, disable WinRAR integration with Windows Explorer. Restrict execution of WinRAR.exe via Group Policy where not required. Quarantine .rar, .zip, and .7z attachments from external sources.
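A triage check to support the quarantine recommendation, added here as an example and not taken from the advisory or from Rarlab: it flags archive entry names whose path leaves the extraction directory or whose ADS stream name carries path components, the pattern the description refers to. It assumes entry names have already been listed as strings in `path:stream` form; `check_entry`, `scan`, the `C:\extract` destination and the sample names are all constructed for illustration.

```python
import ntpath  # Windows path semantics, usable on any OS

def escapes(dest, rel):
    """True if rel, joined to dest and normalised, lands outside dest."""
    base = ntpath.normcase(ntpath.normpath(dest))
    target = ntpath.normcase(ntpath.normpath(ntpath.join(base, rel)))
    return not (target == base or target.startswith(base + "\\"))

def check_entry(name, dest=r"C:\extract"):
    """Return findings for one entry name given as 'path' or 'path:stream'."""
    findings = []
    norm = name.replace("/", "\\")
    # Split a drive prefix off first so 'D:' is not mistaken for a stream separator.
    drive, rest = ntpath.splitdrive(norm)
    file_part, has_stream, stream = rest.partition(":")
    # Absolute paths, other drives and '..' runs that climb above dest all fail here.
    if escapes(dest, drive + file_part):
        findings.append("path-escapes-destination")
    # A normal stream name (e.g. Zone.Identifier) has no separators or '..' parts.
    if has_stream and ("\\" in stream or ".." in stream.split("\\")):
        findings.append("path-in-stream-name")
    return findings

def scan(names, dest=r"C:\extract"):
    """Map each suspicious entry name to its findings; clean names are omitted."""
    return {n: f for n in names if (f := check_entry(n, dest))}

# Constructed sample listing, not taken from any real archive.
SAMPLE = [
    "docs/readme.txt",
    "docs\\a.txt:Zone.Identifier",
    "docs\\..\\..\\outside.txt",
    "cv.pdf:..\\..\\outside.txt",
]

if __name__ == "__main__":
    for entry, findings in scan(SAMPLE).items():
        print(entry, "->", ", ".join(findings))
```

Any archive with a non-empty `scan` result is a candidate for quarantine; the check does not replace updating to 7.13.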

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-09597
CVE-2025-8088

Affected Products

Winrar