WinRAR has released a security patch for a vulnerability that lets a crafted archive override the extraction path chosen by the user and plant malicious files in unintended locations on the system. Tracked as CVE-2025-8088, the vulnerability has a high severity rating with a CVSS score of 8.4.
Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET discovered and reported the vulnerability to WinRAR. It is currently unknown how, and by whom, the vulnerability is being weaponized in real-world attacks. Another WinRAR vulnerability (CVE-2023-38831) was heavily exploited in 2023 by several Russian and Chinese threat actors.
CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before September 2, 2025.
WinRAR is among the world’s most popular compression tools, with over 500 million users worldwide. The tool offers improved ways to compress files for efficient and secure transfer, fast email transmission, and well-organized data storage options.
Vulnerability Details
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code, and UnRAR.dll can be tricked into using a path defined in a specially crafted archive, instead of a specified path,” WinRAR explained in an advisory.
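The defect class described above is an extractor trusting the path stored inside the archive rather than the destination the user supplied. The following is an added example, not WinRAR's, UnRAR's or ESET's code, showing the containment check a defensive extractor applies to every member name before writing anything: it rejects absolute paths, Windows drive and UNC prefixes and any ".." segment, then resolves the remaining name under the destination and confirms it still lies inside it. The entry names, the destination directory and the function names are constructed for illustration and apply to any archive format, not only RAR.

```python
"""Defensive path-containment check for archive extraction.

Added example (not WinRAR's or ESET's code). An extractor that honours a
path stored in the archive instead of the user's chosen destination can be
made to write outside that destination; these checks refuse such members.
"""
import ntpath
import os


def is_unsafe_member(name: str) -> bool:
    """Return True if an archive member name could escape the destination.

    Both '/' and '\\' are treated as separators, since archives created on
    different platforms may store either. Any '..' segment is rejected even
    when it would resolve back inside the destination; this is deliberately
    conservative, as there is no legitimate need for '..' in a member name.
    """
    if not name or name[0] in "/\\":          # empty or absolute (rooted) path
        return True
    if ntpath.splitdrive(name)[0]:            # 'C:...' or '\\\\server\\share\\...'
        return True
    segments = [s for s in name.replace("\\", "/").split("/") if s]
    return any(s == ".." for s in segments)


def safe_target(dest: str, name: str) -> str:
    """Resolve `name` beneath `dest` and verify the result stays inside it.

    Raises ValueError for any member that fails the containment check. The
    final realpath/commonpath comparison is a second, independent guard that
    also catches escapes via symlinks already present under `dest`.
    """
    if is_unsafe_member(name):
        raise ValueError(f"refusing unsafe archive path: {name!r}")
    root = os.path.realpath(dest)
    segments = [s for s in name.replace("\\", "/").split("/") if s]
    target = os.path.realpath(os.path.join(root, *segments))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"member {name!r} resolves outside {root!r}")
    return target


def plan_extraction(dest: str, names: list[str]) -> tuple[list, list]:
    """Split an archive listing into (accepted, rejected) before extracting.

    Each accepted item is (member name, resolved on-disk target); each
    rejected item is (member name, reason). Nothing is written to disk here.
    """
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append((name, safe_target(dest, name)))
        except ValueError as exc:
            rejected.append((name, str(exc)))
    return accepted, rejected


# Constructed sample listing: two benign members and three that try to
# dictate their own location instead of honouring the destination.
SAMPLE_MEMBERS = [
    "docs/readme.txt",
    "docs/./images/logo.png",
    "../../outside.txt",                 # parent traversal
    "C:\\Windows\\outside.txt",          # absolute Windows path
    "\\\\server\\share\\outside.txt",    # UNC path
]

if __name__ == "__main__":
    ok, bad = plan_extraction("/tmp/extract_demo", SAMPLE_MEMBERS)
    for name, target in ok:
        print(f"accept  {name!r} -> {target}")
    for name, reason in bad:
        print(f"reject  {name!r}: {reason}")
```

The key design point is that validation happens on the listing, before any file is opened for writing, so a single unsafe member causes the extractor to refuse the archive rather than partially extract it.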
Affected versions
The vulnerability affects WinRAR versions before 7.13.
NOTE: Unix versions of RAR, UnRAR, portable UnRAR source code, and UnRAR library, as well as RAR for Android, are not affected.
Mitigation
Users must upgrade to WinRAR version 7.13 to patch the vulnerability.
For more information, please refer to the WinRAR Release Notes.
Qualys Detection
Qualys customers can scan their devices with QID 383966 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.