Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR Proof of Concept PoC-Exploit !PoCht...

WinRAR vulnerability exploited by two different groups

On July 30, 2025, WinRAR released a new version 7.13 Final to patch a vulnerability which was used in two separate malware campaigns. WinRAR is a popular file archiving and data compression tool that allows users to compress files into smaller archives, like RAR and ZIP, and can also unpack vario...

PT-2025-32352

Name of the Vulnerable Software and Affected Versions WinRAR versions 6.0 through 7.01 WinRAR versions prior to 7.13 Description A path traversal issue exists in the Windows version of WinRAR due to improper limitation of a pathname to a restricted directory. The archive parser fails to sanitize...