All CVEs
Vulnerability intelligence

CVE-2025-8088

RARLAB WinRAR CWE-35

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

CVSS Score
8.4
High
EPSS — Exploit Probability
81%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2025-08-12
Remediation
Patch available
Federal deadline 2025-09-02
NVD entry Vendor patch PoC / advisory CISA KEV

6 articles across 4 outlets · first covered Jun 1, 2026 · latest Jun 30, 2026

Associated threat actors

Coverage timeline