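# WinRAR Path Traversal Vulnerability
## Overview
The Windows version of WinRAR contains a path traversal vulnerability. An attacker can execute arbitrary code on a target system by crafting a malicious archive file.
## Affected Versions
The affected versions are the Windows versions of WinRAR that contain this vulnerability (specific versions are not mentioned).
## Details
The vulnerability allows an attacker to trigger path traversal through a carefully crafted malicious archive file and thereby execute arbitrary code on the target machine. This vulnerability has been exploited in real-world attacks.
## Impact
Successful exploitation can lead to remote code execution, giving the attacker full control of the affected system.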
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Python tool for safe archive handling, path traversal awareness, and secure extraction. Inspired by CVE-2025-8088. | https://github.com/jordan922/CVE-2025-8088 | PoC details |
| 2 | cve-2025-8088_detection | https://github.com/travisbgreen/cve-2025-8088 | PoC details |
| 3 | WinRAR 0day CVE-2025-8088 PoC RAR Archive | https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR | PoC details |
| 4 | CVE-2025-8088 WinRAR Proof of Concept (PoC-Exploit) | https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit- | PoC details |
| 5 | Advanced WinRAR Path Traversal Exploit Tool for CVE-2025-8088 | https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool | PoC details |
| 6 | None | https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC | PoC details |
| 7 | Exploit systems using older WinRAR | https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document | PoC details |
| 8 | Proof-of-Concept for CVE-2025-8088 vulnerability in WinRAR (path traversal via ADS) | https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC | PoC details |
| 9 | None | https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui | PoC details |
| 10 | 🚀 Demonstrate the WinRAR CVE-2025-8088 exploit with a PoC RAR archive that installs a VBScript on startup, showcasing its impact on vulnerable systems. | https://github.com/amel-62/WinRAR-CVE-2025-8088-PoC-RAR | PoC details |
| 11 | This PoC is for authorized study and testing. CVE-2025-8088 is actively exploited, and misuse may violate laws or cause harm. Update to WinRAR 7.13+ to avoid suspicious RARs. | https://github.com/ghostn4444/CVE-2025-8088 | PoC details |
| 12 | None | https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC | PoC details |
| 13 | PowerShell script to check if your device is affected or not | https://github.com/pescada-dev/-CVE-2025-8088 | PoC details |
| 14 | An engaging walkthrough on uncovering, patching, and securing the WinRAR CVE-2025-8088 with a hands-on hacker’s twist. | https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal | PoC details |
| 15 | WinRAR CVE exploitation before 7.13 using multiple ADS streams on a single file (Custom PDF implementation) | https://github.com/pentestfunctions/best-CVE-2025-8088 | PoC details |
| 16 | None | https://github.com/nyra-workspace/CVE-2025-8088 | PoC details |
| 17 | A high-performance, memory-safe implementation of the WinRAR CVE-2025-8088 exploit tool, rewritten in Rust for better reliability and performance. | https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition | PoC details |
| 18 | None | https://github.com/walidpyh/CVE-2025-8088 | PoC details |