Full Report
The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to apply mitigations. WinRAR has released version 7.13 to address a critical security vulnerability that has been actively exploited by cybercriminals, marking another significant security incident for […] The post CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild appeared first on Cyber Security News.
Analysis Summary
# Vulnerability: WinRAR Path Traversal Leading to Remote Code Execution
## CVE Details
- CVE ID: CVE-2025-8088
- CVSS Score: 8.4 (HIGH)
- CWE: Path Traversal (Implied by description)
## Affected Systems
- Products: WinRAR for Windows, UnRAR command-line utilities (Windows), UnRAR.dll, portable UnRAR.
- Versions: All WinRAR versions from 0 through 7.12.
- Configurations: Exploitation possible via maliciously crafted archive files. Linux/Unix builds are reportedly unaffected.
## Vulnerability Description
CVE-2025-8088 is a critical path traversal vulnerability affecting Windows versions of WinRAR and associated components. A specially crafted archive file allows an attacker to bypass user-specified extraction paths and write arbitrary files to unintended locations on the file system. This file writing capability can be leveraged to achieve arbitrary code execution on the compromised system. This flaw is distinct from a previously patched vulnerability in WinRAR 7.12.
## Exploitation
- Status: Actively exploited in the wild (Confirmed by CISA addition to KEV catalog). Associated with exploitation by the Russian RomCom group.
- Complexity: Attack complexity implied to be low given successful in-the-wild campaigns.
- Attack Vector: Network (via delivery of malicious archives, likely via phishing).
## Impact
- Confidentiality: High (Arbitrary code execution allows data exfiltration)
- Integrity: High (Arbitrary code execution allows system modification)
- Availability: High (Arbitrary code execution can lead to system disruption)
## Remediation
### Patches
- WinRAR version 7.13 addresses this vulnerability.
### Workarounds
- No specific workarounds were detailed in the provided context, but due to active exploitation, patching should be prioritized immediately. Users must handle all incoming archive files with extreme caution.
## Detection
- Detection methods are not detailed, but the attack involves the exploitation of archive handling upon extraction. Monitoring for unexpected file writes outside designated extraction directories related to WinRAR/UnRAR processes might be an indicator.
- CISA has added this to its Known Exploited Vulnerabilities (KEV) catalog with a compliance due date of September 2, 2025, for federal agencies.
## References
- CISA Known Exploited Vulnerabilities Catalog: cisa.gov/known-exploited-vulnerabilities-catalog
- Vendor Advisory (Implied release of WinRAR 7.13): win-rar.com/download-winrar.html?&L=0