一、 漏洞 CVE-2025-8088 基础信息
漏洞信息
                                        # WinRAR 路径遍历漏洞

## 概述

Windows 版本的 WinRAR 存在路径穿越漏洞,攻击者可通过构造恶意压缩文件在目标系统上执行任意代码。

## 影响版本

受影响的为存在该漏洞的 WinRAR Windows 版本(具体版本未提及)。

## 细节

漏洞允许攻击者通过精心构造的恶意存档文件触发路径穿越,从而在目标机器上执行任意代码。此漏洞已在实际攻击中被利用。

## 影响

成功利用该漏洞可导致远程代码执行,攻击者可完全控制受影响系统。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Path traversal vulnerability in WinRAR
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
路径遍历:’…/…//’
来源:美国国家漏洞数据库 NVD
漏洞标题
WinRAR 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞,该漏洞源于路径遍历问题,可能导致任意代码执行。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-8088 的公开POC
# POC 描述 源链接 神龙链接
1 Python tool for safe archive handling, path traversal awareness, and secure extraction. Inspired by CVE-2025-8088. https://github.com/jordan922/CVE-2025-8088 POC详情
2 cve-2025-8088_detection https://github.com/travisbgreen/cve-2025-8088 POC详情
3 WinRAR 0day CVE-2025-8088 PoC RAR Archive https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR POC详情
4 CVE-2025-8088 WinRAR Proof of Concept (PoC-Exploit) https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit- POC详情
5 Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088 https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool POC详情
6 None https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC POC详情
7 Exploit systems using older WinRAR https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document POC详情
8 Proof-of-Concept for CVE-2025-8088 vulnerability in WinRAR (path traversal via ADS) https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC POC详情
9 None https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui POC详情
10 🚀 Demonstrate the WinRAR CVE-2025-8088 exploit with a PoC RAR archive that installs a VBScript on startup, showcasing its impact on vulnerable systems. https://github.com/amel-62/WinRAR-CVE-2025-8088-PoC-RAR POC详情
11 This PoC is for authorized study and testing. CVE-2025-8088 is actively exploited, and misuse may violate laws or cause harm. Update to WinRAR 7.13+ to avoid suspicious RARs. https://github.com/ghostn4444/CVE-2025-8088 POC详情
12 None https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC POC详情
13 POWERSHEL script to check if your device is affected or no https://github.com/pescada-dev/-CVE-2025-8088 POC详情
14 An engaging walkthrough on uncovering, patching, and securing the WinRAR CVE-2025-8088 with a hands-on hacker’s twist. https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal POC详情
15 Winrar CVE exploitation before 7.13 using multiple ADS streams on a single file (Custom PDF implementation) https://github.com/pentestfunctions/best-CVE-2025-8088 POC详情
16 None https://github.com/nyra-workspace/CVE-2025-8088 POC详情
17 A high-performance, memory-safe implementation of the WinRAR CVE-2025-8088 exploit tool, rewritten in Rust for better reliability and performance. https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition POC详情
18 None https://github.com/walidpyh/CVE-2025-8088 POC详情
19 None https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool POC详情
20 WinRAR CVE-2025-8088 exploit tool https://github.com/cozythrill/CVE-2025-8088 POC详情
21 CVE-2025-8088 path traversal tool https://github.com/tartalu/CVE-2025-8088 POC详情
22 A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution. https://github.com/techcorp/CVE-2025-8088-Exploit POC详情
23 CVE-2025-8088 https://github.com/nhattanhh/CVE-2025-8088 POC详情
24 None https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability POC详情
25 WinRAR漏洞CVE-2025-8088的payload一键生成工具 https://github.com/hbesljx/CVE-2025-8088-EXP POC详情
26 CVE-2025-8088 path traversal tool https://github.com/Osinskitito499/CVE-2025-8088 POC详情
27 CVE-2025-8088 path traversal tool https://github.com/m4nbun/CVE-2025-8088 POC详情
28 🚨 Exploit WinRAR CVE-2025-8088 with this PoC RAR archive, demonstrating the vulnerability and its impact when executed on the affected software. https://github.com/pablo388/WinRAR-CVE-2025-8088-PoC-RAR POC详情
29 CVE-2025-8088 exploit C++ impl https://github.com/lucyna77/winrar-exploit POC详情
30 CVE-2025-8088 based path traversal tool https://github.com/kyomber/CVE-2025-8088 POC详情
31 None https://github.com/Fathi-MO/POC-CVE-2025-8088 POC详情
32 CVE-2025-8088 based path traversal tool https://github.com/haspread/CVE-2025-8088 POC详情
33 CVE-2025-8088 based path traversal tool https://github.com/tookATE/CVE-2025-8088 POC详情
34 WinRAR 0day CVE-2025-8088 PoC RAR Archive https://github.com/Snorx-cyber/CVE-2025-8088-builder POC详情
35 CVE-2025-8088-BUILDER https://github.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool POC详情
36 path traversal tool based on cve-2025-8088 https://github.com/blowrrr/cve-2025-8088 POC详情
37 A POC exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder POC详情
38 Path traversal tool based on cve-2025-8088 vulnerability https://github.com/kaucent/CVE-2025-8088 POC详情
39 path traversal tool based on cve 2025 8088 vurnelability https://github.com/mocred/cve-2025-8088 POC详情
三、漏洞 CVE-2025-8088 的情报信息
四、漏洞 CVE-2025-8088 的评论

暂无评论

发表评论