Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202508-00000076)

[Description]
Researchers have discovered a path traversal vulnerability (CVE-2025-8088) in the Windows version of WinRAR. Unauthenticated remote attackers can exploit this vulnerability by creating a malicious compressed file and sending it via phishing emails. When the victim opens the compressed file, the malicious program is written to the startup folder and automatically executed every time the computer is restarted. This vulnerability has been exploited by hackers. Please confirm and patch it as soon as possible.

[Affected Platforms]
WinRAR for Windows versions 7.12 and earlier

[Recommended Action]
Please update WinRAR for Windows to version 7.13 and later.

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-8088
2. https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088