【資安漏洞預警】WinRAR存在高風險安全漏洞(CVE-2025-8088)，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】WinRAR存在高風險安全漏洞(CVE-2025-8088)，請儘速確認並進行修補 [Security Vulnerability Alert] WinRAR has a high-risk security vulnerability (CVE-2025-8088). Please confirm and patch it as soon as possible.
公告內容	轉發國家資安資訊分享與分析中心 NISAC-200-202508-00000076 [內容說明] 研究人員發現Windows版本WinRAR存在路徑穿越(Path Traversal)漏洞(CVE-2025-8088)，未經身分鑑別之遠端攻擊者可利用漏洞製作惡意壓縮檔並透過釣魚信件發送，當受駭者開啟壓縮檔後，惡意程式將寫入開機資料夾中，並於每次開機時自動執行。該漏洞已遭駭客利用，請儘速確認並進行修補。 [影響平台] Windows版本WinRAR 7.12(含)以前版本 [建議措施] 請更新Windows版本WinRAR至7.13(含)以後版本 [參考資料] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-8088 2. https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088 Forwarded from the National Information Security Information Sharing and Analysis Center (NISAC-200-202508-00000076) [Description] Researchers have discovered a path traversal vulnerability (CVE-2025-8088) in the Windows version of WinRAR. Unauthenticated remote attackers can exploit this vulnerability by creating a malicious compressed file and sending it via phishing emails. When the victim opens the compressed file, the malicious program is written to the startup folder and automatically executed every time the computer is restarted. This vulnerability has been exploited by hackers. Please confirm and patch it as soon as possible. [Affected Platforms] WinRAR for Windows versions 7.12 and earlier [Recommended Action] Please update WinRAR for Windows to version 7.13 and later. [References] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-8088 2. https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088
相關訊息
公告時間	2025/8/19 至 2026/2/19	點閱次數	52