CVE-2025-8088
HIGH · 8.8 · KEV · EPSS 81.3%
Confirmed APT campaigns, 12+ documented waves, KEV-listed, threat researcher corroboration.
What: Path traversal in Windows WinRAR allows arbitrary code execution via malicious archives (CVSS 8.8, EPSS 0.93).
Why it matters: KEV-listed since August 2025. Confirmed in-the-wild exploitation by Russian-aligned APT groups (Gamaredon, SHADOW-EARTH-066) targeting Ukrainian critical infrastructure and government since late 2025—over 12 documented spearphishing waves through May 2026. Patch available but adoption remains poor; attackers continue active campaigns.
Where it's seen: Threat intelligence reports (Trend Micro, ESET, Harfang Lab, Stalkware) documenting sustained exploitation campaigns. Social chatter focuses on Gamaredon's use of GiftedCrook infostealer, GammaDrop payloads, and HTA delivery chains; discussion of archive format evasion (ARJ spoofing) as attackers adapt.
RISK: CRITICAL — In-the-wild exploitation against critical infrastructure; KEV-listed; poor patch adoption enables ongoing attacks.
Description
A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
CVSS 3.1 breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack vector: Network
- Complexity: Low
- Privileges required: None
- User interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected versions
- rarlab/winrar: < 7.13
- dtsearch/dtsearch: < 2023.01