Vulnerability intelligence
CVE-2025-8088
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
CVSS Score
8.4
High
EPSS — Exploit Probability
81%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2025-08-12
Remediation
Patch available
Federal deadline 2025-09-02
6 articles across 4 outlets · first covered Jun 1, 2026 · latest Jun 30, 2026
Associated threat actors
Coverage timeline
-
STOCKSTAY malware hits Ukraine, Italy via phishing RDP exploitssecurityonline.info · Jun 30, 2026
-
WinRAR Flaw CVE-2025-8088 Hits Ukrainian Firms Despite Patchsecurityonline.info · Jun 15, 2026
-
Russian APTs exploit WinRAR flaw CVE-2025-8088 to target Ukrainesecurityaffairs.com · Jun 10, 2026
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgswww.darkreading.com · Jun 9, 2026
-
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targetssecurityaffairs.com · Jun 4, 2026
-
Ukrainian networks hit by stealth Gamaredon worm via WinRAR flawwww.infosecurity-magazine.com · Jun 1, 2026