ГлавнаяУязвимости → CVE-2025-8088
8.8высокая

CVE-2025-8088

Описание

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Затрагиваемое ПО
Rarlab WinrarMicrosoft WindowsDtsearch Dtsearch
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/https://support.dtsearch.com/faq/dts0245.htmhttps://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-dayhttps://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeohttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088