【Vulnerability Alert】WinRAR Contains a High-Risk Security Vulnerability (CVE-2025-8088), Please Verify and Patch Immediately

publish date : 2025-08-25 update date : 2025-08-25

Source: Ministry of education information & communication security contingency platform


Publication Number	TACERT-ANA-2025081811082626	Publication Time	2025/08/18 11:03
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/08/18 11:03
Impact Level	Medium
[Subject] 【Vulnerability Alert】WinRAR Contains a High-Risk Security Vulnerability (CVE-2025-8088), Please Verify and Patch Immediately
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202508-00000076 Researchers discovered that the Windows version of WinRAR contains a Path Traversal vulnerability (CVE-2025-8088). An unauthenticated remote attacker could exploit this vulnerability by creating a malicious compressed file and sending it through phishing emails. When the victim opens the compressed file, the malicious program will be written into the startup folder and will automatically execute each time the system starts. This vulnerability has already been exploited by hackers. Please verify and patch immediately. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Windows versions of WinRAR 7.12 and earlier
[Recommended Actions] Update Windows version of WinRAR to 7.13 or later
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-8088 2. https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share