GITHUBEXPLOIT 8.8 HIGH

Exploit for Path Traversal in Rarlab Winrar_65E110B6-22C3-5609-A7CB-C20D761D5783

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

# PoC for CVE-2025-8088: Path Traversal in WinRAR

## Vulnerability Description ☢️
CVE-2025-8088 (CVSS 8.4) is a path traversal vulnerability in WinRAR ≤7.12 that allows files to be placed outside the unpacking directory via alternate data streams (ADS) in a RAR archive. It is exploited to deliver malware to system folders such as Startup (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup), for persistence.

The archive contains a decoy file with ADS, the names of which include `..\` sequences for traversal. When extracting, WinRAR places the stream content in the traversed path.
- ⚙️Techniques: Path traversal + NTFS ADS to hide the payload.
- ❗Danger: Automatically launches malware on reboot without notifying the user.
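
A path-containment check of the kind an extractor has to apply to the entry names described above. This is an added example, not code from the original PoC or from WinRAR; the function names, the (file name, stream name) input shape, the bare-name policy for streams and the sample entries are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS

# Constructed sample entries (not from a real archive):
# (file name, ADS stream name or None) as an extractor would see them.
SAMPLE_ENTRIES = [
    ("resume.txt", None),
    ("resume.txt", "Zone.Identifier"),
    ("resume.txt", r"..\..\Startup\evil.bat"),
    (r"docs\..\..\outside.txt", None),
]

def stream_name_is_safe(stream):
    """Assumed conservative policy: a stream name is one bare component."""
    if stream in ("", ".", ".."):
        return False
    return not any(ch in stream for ch in "\\/:")

def resolve_inside(root, name):
    """Return the normalized destination path, or None if it leaves root."""
    root = ntpath.normpath(root)
    if ntpath.splitdrive(name)[0]:  # drive letter or UNC prefix in an entry name
        return None
    dest = ntpath.normpath(ntpath.join(root, name))
    # Trailing separator matters: C:\outside.txt must not match root C:\out.
    if ntpath.normcase(dest).startswith(ntpath.normcase(root) + "\\"):
        return dest
    return None

def audit_entries(root, entries):
    """List (name, stream, reason) for every entry that must not be written."""
    findings = []
    for name, stream in entries:
        if resolve_inside(root, name) is None:
            findings.append((name, stream, "file path escapes extraction root"))
        elif stream is not None and not stream_name_is_safe(stream):
            findings.append((name, stream, "stream name contains path components"))
    return findings

if __name__ == "__main__":
    for finding in audit_entries(r"C:\out", SAMPLE_ENTRIES):
        print(finding)
```

The stream check is separate from the file-path check because the decoy file itself resolves inside the extraction root; only its stream name carries the traversal.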

🟩Usage:
1. Install WinRAR (`rar.exe` in PATH).
2. Prepare the payload (for example, a bat script: `echo Malware > %TEMP%\infected.txt`).
3. Run: `python poc.py --decoy resume.txt --payload evil.bat --out exploit.rar`
4. Unpack `exploit.rar` in vulnerable WinRAR - the payload will end up in Startup.

🟥Disclaimer
For research only. The author is not responsible for misuse. Test in an isolated environment.

📄Sources: ESET Research, NVD.

Basic Information

ID 65E110B6-22C3-5609-A7CB-C20D761D5783
Published Aug 17, 2025 at 06:31
Modified Aug 17, 2025 at 10:47
