[Vulnerability Alert] WinRAR has a high-risk security vulnerability (CVE-2025-8088), please confirm and patch as soon as possible

• Subject: [Vulnerability Alert] WinRAR has a high-risk security vulnerability (CVE-2025-8088), please confirm and patch as soon as possible
• Content:
  • Forwarded from National Information Security Information Sharing and Analysis Center NISAC-200-202508-00000076
  • Researchers have discovered a Path Traversal vulnerability (CVE-2025-8088) in the Windows version of WinRAR. An unauthenticated remote attacker can exploit this vulnerability to create a malicious compressed file and send it via a phishing email. When the victim opens the compressed file, the malicious program will be written to the startup folder and automatically executed every time the computer boots. This vulnerability has already been exploited by hackers, so please confirm and patch it as soon as possible.
• Affected Platforms:
  • Windows version of WinRAR 7.12 and earlier.
• Recommended Measures:
  • Please update the Windows version of WinRAR to 7.13 and later.
• References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2025-8088
  2. https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088

Computer and Communications Center
Network Systems Group