一、 漏洞 CVE-2025-8088 基础信息
漏洞信息
# WinRAR 路径遍历漏洞
## 概述
Windows 版本的 WinRAR 存在路径穿越漏洞,攻击者可通过构造恶意压缩文件在目标系统上执行任意代码。
## 影响版本
受影响的为存在该漏洞的 WinRAR Windows 版本(具体版本未提及)。
## 细节
漏洞允许攻击者通过精心构造的恶意存档文件触发路径穿越,从而在目标机器上执行任意代码。此漏洞已在实际攻击中被利用。
## 影响
成功利用该漏洞可导致远程代码执行,攻击者可完全控制受影响系统。
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Path traversal vulnerability in WinRAR
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
路径遍历:’…/…//’
来源:美国国家漏洞数据库 NVD
漏洞标题
WinRAR 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞,该漏洞源于路径遍历问题,可能导致任意代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-8088 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Python tool for safe archive handling, path traversal awareness, and secure extraction. Inspired by CVE-2025-8088. | https://github.com/jordan922/CVE-2025-8088 | POC详情 |
| 2 | cve-2025-8088_detection | https://github.com/travisbgreen/cve-2025-8088 | POC详情 |
| 3 | WinRAR 0day CVE-2025-8088 PoC RAR Archive | https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR | POC详情 |
| 4 | CVE-2025-8088 WinRAR Proof of Concept (PoC-Exploit) | https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit- | POC详情 |
| 5 | Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088 | https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool | POC详情 |
| 6 | None | https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC | POC详情 |
| 7 | Exploit systems using older WinRAR | https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document | POC详情 |
| 8 | Proof-of-Concept for CVE-2025-8088 vulnerability in WinRAR (path traversal via ADS) | https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC | POC详情 |
| 9 | None | https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui | POC详情 |
| 10 | 🚀 Demonstrate the WinRAR CVE-2025-8088 exploit with a PoC RAR archive that installs a VBScript on startup, showcasing its impact on vulnerable systems. | https://github.com/amel-62/WinRAR-CVE-2025-8088-PoC-RAR | POC详情 |
| 11 | This PoC is for authorized study and testing. CVE-2025-8088 is actively exploited, and misuse may violate laws or cause harm. Update to WinRAR 7.13+ to avoid suspicious RARs. | https://github.com/ghostn4444/CVE-2025-8088 | POC详情 |
| 12 | None | https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC | POC详情 |
| 13 | POWERSHEL script to check if your device is affected or no | https://github.com/pescada-dev/-CVE-2025-8088 | POC详情 |
| 14 | An engaging walkthrough on uncovering, patching, and securing the WinRAR CVE-2025-8088 with a hands-on hacker’s twist. | https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal | POC详情 |
| 15 | Winrar CVE exploitation before 7.13 using multiple ADS streams on a single file (Custom PDF implementation) | https://github.com/pentestfunctions/best-CVE-2025-8088 | POC详情 |
| 16 | None | https://github.com/nyra-workspace/CVE-2025-8088 | POC详情 |
| 17 | A high-performance, memory-safe implementation of the WinRAR CVE-2025-8088 exploit tool, rewritten in Rust for better reliability and performance. | https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition | POC详情 |
| 18 | None | https://github.com/walidpyh/CVE-2025-8088 | POC详情 |
| 19 | None | https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool | POC详情 |
| 20 | WinRAR CVE-2025-8088 exploit tool | https://github.com/cozythrill/CVE-2025-8088 | POC详情 |
| 21 | CVE-2025-8088 path traversal tool | https://github.com/tartalu/CVE-2025-8088 | POC详情 |
| 22 | A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution. | https://github.com/techcorp/CVE-2025-8088-Exploit | POC详情 |
| 23 | CVE-2025-8088 | https://github.com/nhattanhh/CVE-2025-8088 | POC详情 |
| 24 | None | https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability | POC详情 |
| 25 | WinRAR漏洞CVE-2025-8088的payload一键生成工具 | https://github.com/hbesljx/CVE-2025-8088-EXP | POC详情 |
| 26 | CVE-2025-8088 path traversal tool | https://github.com/Osinskitito499/CVE-2025-8088 | POC详情 |
| 27 | CVE-2025-8088 path traversal tool | https://github.com/m4nbun/CVE-2025-8088 | POC详情 |
| 28 | 🚨 Exploit WinRAR CVE-2025-8088 with this PoC RAR archive, demonstrating the vulnerability and its impact when executed on the affected software. | https://github.com/pablo388/WinRAR-CVE-2025-8088-PoC-RAR | POC详情 |
| 29 | CVE-2025-8088 exploit C++ impl | https://github.com/lucyna77/winrar-exploit | POC详情 |
| 30 | CVE-2025-8088 based path traversal tool | https://github.com/kyomber/CVE-2025-8088 | POC详情 |
| 31 | None | https://github.com/Fathi-MO/POC-CVE-2025-8088 | POC详情 |
| 32 | CVE-2025-8088 based path traversal tool | https://github.com/haspread/CVE-2025-8088 | POC详情 |
| 33 | CVE-2025-8088 based path traversal tool | https://github.com/tookATE/CVE-2025-8088 | POC详情 |
| 34 | WinRAR 0day CVE-2025-8088 PoC RAR Archive | https://github.com/Snorx-cyber/CVE-2025-8088-builder | POC详情 |
| 35 | CVE-2025-8088-BUILDER | https://github.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool | POC详情 |
| 36 | path traversal tool based on cve-2025-8088 | https://github.com/blowrrr/cve-2025-8088 | POC详情 |
| 37 | A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower | https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder | POC详情 |
| 38 | Path traversal tool based on cve-2025-8088 vulnerability | https://github.com/kaucent/CVE-2025-8088 | POC详情 |
| 39 | path traversal tool based on cve 2025 8088 vurnelability | https://github.com/mocred/cve-2025-8088 | POC详情 |
| 40 | CVE-2025-8088 | https://github.com/B1ack4sh/Blackash-CVE-2025-8088 | POC详情 |
| 41 | None | https://github.com/nuky-alt/CVE-2025-8088 | POC详情 |
| 42 | Path traversal tool based on cve 2025 8088 | https://github.com/h4vier/cve-2025-8088 | POC详情 |
| 43 | Path traversal tool based on cve-2025-8088 | https://github.com/4daysday/cve-2025-8088 | POC详情 |
| 44 | CVE-2025-8088 | https://github.com/Ashwesker/Blackash-CVE-2025-8088 | POC详情 |
| 45 | None | https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit | POC详情 |
| 46 | 🛠 Exploit CVE-2025-8088 with this Python tool to generate malicious WinRAR archives that ensure payload persistence in Windows startup folders. | https://github.com/Markusino488/cve-2025-8088 | POC详情 |
| 47 | CVE 2025 8088 | https://github.com/vitalichkaa/CVE-2025-8088 | POC详情 |
| 48 | Defensive PowerShell tool for static inspection of RAR archives and detection of CVE-2025-8088 path traversal anomalies. | https://github.com/ilhamrzr/RAR-Anomaly-Inspector | POC详情 |
三、漏洞 CVE-2025-8088 的情报信息
标题: WinRAR News: WinRAR 7.13 Final released -- 🔗来源链接
标签:
神龙速读:### 关键漏洞信息 - **漏洞类型**: 目录遍历漏洞 (Directory Traversal Vulnerability) - **影响版本**: WinRAR 7.12 及之前版本 - **修复版本**: WinRAR 7.13 - **漏洞描述**: - 在解压缩文件时,之前的WinRAR版本、Windows版本的RAR、UnRAR、便携式UnRAR源代码和UnRAR.dll可以通过在特别制作的存档中定义的路径被欺骗,而不是使用用户指定的路径。 - Unix版本的RAR、UnRAR、便携式UnRAR源代码和UnRAR库以及Android版RAR不受此安全问题的影响。 - **发现者**: Anton Cherepanov, Peter Kosinar 和 Peter Strycek from ESET ### 其他修复内容 - **修复了以下Bug**: - WinRAR 7.12 的“从文件导入设置”命令无法恢复由WinRAR 7.12之前版本保存的设置。 - WinRAR 7.12 设置的压缩配置文件的恢复大小大于指定大小,这些配置文件是由WinRAR 5.21及更早版本创建的。
- https://nvd.nist.gov/vuln/detail/CVE-2025-8088
四、漏洞 CVE-2025-8088 的评论
暂无评论