RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(248462);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/21");

  script_cve_id("CVE-2025-8088");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/09/02");
  script_xref(name:"IAVA", value:"2025-A-0608");

  script_name(english:"RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed which is affected by a directory traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It
is, therefore, affected by a vulnerability:

  - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary
    code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton
    Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported 
version number.");
  # https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7f19c43d");
  script_set_attribute(attribute:"solution", value:
"Upgrade to RARLAB WinRAR version 7.13 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-8088");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rarlab:winrar");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("winrar_win_installed.nbin");
  script_require_keys("installed_sw/RARLAB WinRAR", "SMB/Registry/Enumerated");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'RARLAB WinRAR', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '7.13'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);