CVE-2025-8088
Path traversal vulnerability in WinRAR
Em resumo
O WinRAR no Windows tem uma falha que permite que atacantes executem código malicioso através de arquivos compactados especialmente preparados. Ao abrir esses arquivos, o código do atacante pode ser executado no seu computador.
Detalhe técnico
Uma vulnerabilidade de path traversal no WinRAR para Windows permite execução remota de código através de arquivos compactados maliciosos. A falha explora validação insuficiente de caminhos durante a extração, permitindo que atacantes gravem e executem código arbitrário; a vulnerabilidade já foi explorada ativamente na natureza.
Resumo gerado e traduzido por IA a partir da descrição oficial.
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
win.rar GmbH · WinRARPoCs públicas encontradas — 29
githubgithub.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-★ 71githubgithub.com/onlytoxi/CVE-2025-8088-Winrar-Tool★ 56githubgithub.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR★ 46githubgithub.com/hexsecteam/CVE-2025-8088-Winrar-Tool★ 40githubgithub.com/pentestfunctions/CVE-2025-8088-Multi-Document★ 36githubgithub.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool★ 28githubgithub.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal★ 12githubgithub.com/pentestfunctions/best-CVE-2025-8088★ 10githubgithub.com/jordan922/CVE-2025-8088★ 10githubgithub.com/starfallreverie/winrar-exploit★ 8githubgithub.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition★ 8githubgithub.com/lennertdefauw/CVE-2025-8088★ 5githubgithub.com/walidpyh/CVE-2025-8088★ 5githubgithub.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui★ 3githubgithub.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC★ 2githubgithub.com/travisbgreen/cve-2025-8088★ 2githubgithub.com/undefined-name12/CVE-2025-8088-Winrar★ 2githubgithub.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability★ 1githubgithub.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC★ 1githubgithub.com/pescada-dev/-CVE-2025-8088★ 1githubgithub.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC★ 1githubgithub.com/ilhamrzr/RAR-Anomaly-Inspector★ 1githubgithub.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit★ 0githubgithub.com/nhattanhh/CVE-2025-8088★ 0githubgithub.com/IsmaelCosma/CVE-2025-8088★ 0githubgithub.com/techcorp/CVE-2025-8088-Exploit★ 0githubgithub.com/ghostn4444/CVE-2025-8088★ 0githubgithub.com/shaheeryasirofficial/CVE-2025-8088★ 0githubgithub.com/hbesljx/CVE-2025-8088-EXP★ 0⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/https://support.dtsearch.com/faq/dts0245.htmhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-dayhttps://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeohttps://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5