RARLAB WinRAR Path Traversal Vulnerability

Added Aug. 12, 2025 • Due Sept. 2, 2025 • CVE-2025-8088

On Track RARLAB / WinRAR CWE-35

Description

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
https://nvd.nist.gov/vuln/detail/CVE-2025-8088

Additional Information

Catalog Version: 2025.08.12
Catalog Released: Aug. 12, 2025
Days Until Due: 10 days
Last Updated: 1 week, 3 days ago