
WinRAR Vulnerability (CVE-2025-8088)

 


 

Service Advisory 


A recently discovered vulnerability in WinRAR (CVE-2025-8088) affects the Windows version and allows attackers to execute arbitrary code by crafting malicious archive files.

Severity level:
CVSS Score: 8.4/High

Description:
WinRAR is among the world's most popular compression tools. The tool offers improved ways to compress files for efficient and secure transfer, fast email transmission, and well-organized data storage options. This vulnerability is a path traversal flaw that exploits alternate data streams in specially crafted archive files. When extracted, these archives silently deploy malicious files—such as DLLs and .lnk shortcuts—into sensitive system directories.

Affected Versions:
All WinRAR versions up to and including 7.12.

Impact:
Successful exploitation allows attackers to execute arbitrary code.

Resolution:
Update to WinRAR version 7.13 or later.
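
One way to check a Windows host against this resolution, as an added example that is not part of the original advisory: the script reads the standard Windows uninstall registry keys and compares each registered WinRAR version with 7.13. The `WinRAR*` display-name filter and the helper name `ConvertTo-WinRarVersion` are assumptions.

```powershell
# Added example: report registered WinRAR installs older than the fixed release.
$FixedVersion = [version]'7.13'   # fixed release named in the advisory

function ConvertTo-WinRarVersion {
    param([string]$Text)
    # Turn strings such as "7.12.0" or "7.01" into a [version] (major.minor).
    if ($Text -match '^\s*(\d+)\.(\d+)') {
        return [version]::new([int]$Matches[1], [int]$Matches[2])
    }
    return $null   # unparseable; reported as Unknown for manual review
}

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Findings = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' } |   # assumed name prefix
    ForEach-Object {
        $Parsed = ConvertTo-WinRarVersion $_.DisplayVersion
        if ($null -eq $Parsed) {
            $Status = 'Unknown'
        } elseif ($Parsed -lt $FixedVersion) {
            $Status = 'Vulnerable'     # 7.12 or earlier
        } else {
            $Status = 'Patched'        # 7.13 or later
        }
        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            DisplayName    = $_.DisplayName
            DisplayVersion = $_.DisplayVersion
            Status         = $Status
        }
    }

if (-not $Findings) {
    Write-Output "No registered WinRAR installation found on $env:COMPUTERNAME."
} else {
    $Findings | Format-Table -AutoSize
    # Non-zero exit lets a management tool flag the host for follow-up.
    if ($Findings.Status -contains 'Vulnerable' -or
        $Findings.Status -contains 'Unknown') { exit 1 }
}
```

The script only sees installations registered under the per-machine uninstall keys; copies unpacked to other folders are not listed and need a separate file search.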

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2025-8088

https://www.cyber.gc.ca/en/alerts-advisories/winrar-security-advisory-av25-499

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5

https://www.tenable.com/plugins/nessus/248462

https://threatprotect.qualys.com/2025/08/11/winrar-path-traversal-vulnerability-exploited-in-the-wild-cve-2025-8088/

 

UIT Information Security

Contact

IT Client Services at askIT@yorku.ca or 416 736 5800

 

This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3
