Security advisory: A zero-day path traversal vulnerability has been discovered in the Windows version of a popular file archiver utility, WinRAR. The vulnerability tracked as CVE-2025-8088, affects multiple Windows-based WinRAR an components, which has already been exploited in the wild.

Severity	High
CVSS Score	8.4
CVEs	CVE-2025-8088
POC Available	Yes
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview 
This flaw allows attackers to manipulate the extraction path of files from a malicious archive, enabling them to place arbitrary code file in sensitive system folders, overwrite important files and even execute malicious code immediately upon extraction. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Path Traversal Vulnerability	CVE-2025-8088	WinRAR (Windows versions), RAR, UnRAR, portable UnRAR (Windows), UnRAR.dll	8.4	WinRAR 7.13

Technical Summary 

When extracting files, vulnerable versions of WinRAR could be tricked into using a maliciously crafted file path embedded inside an archive rather than the user’s intended extraction directory. This occurs when the extraction process fails to properly validate and sanitize file paths before writing them to disk. 
As a result, attackers can: 

• Place malicious files in protected system directories. 

• Overwrite critical system/application files. 

• Trigger automatic execution of malware without further user action. 

Most common attack vector involves sending a malicious archive via phishing or other social engineering techniques. When opened with a vulnerable WinRAR version, the malware is silently deployed and executed. 

Unix versions of RAR, UnRAR, UnRAR library, RAR for Android are not affected for this vulnerability. 

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-8088	WinRAR and related components on Windows version (RAR, UnRAR, portable UnRAR, UnRAR.dll)	Flawed extraction path handling allows files to be placed outside the intended extraction directory.	Allows arbitrary file placement, overwriting critical files, and executing malicious code without user interaction.

Recommendations: 

Here are the recommendations below you can follow 

• Update immediately to WinRAR 7.13 or newer version from the official WinRAR website. 

• Avoid extracting archives from untrusted or unknown sources. 

• Enable endpoint protection and ensure it scans archives before extraction. 

• Audit your system for unusual or unauthorized files in system directories. 

Conclusion: 
CVE-2025-8088 shows that even widely trusted tools like WinRAR can become high-risk targets when flaws allow silent malware deployment during normal usage. Given that this zero-day has already been exploited, updating to WinRAR 7.13 immediately is crucial. Additionally, users should avoid extracting files from unknown sources and maintain strong endpoint protection. 

References: 

• https://securityonline.info/winrar-update-zero-day-path-traversal-flaw-cve-2025-8088-actively-exploited-to-deliver-malware/ 

• https://cybersecuritynews.com/winrar-0-day-in-phishing-attacks/