CVE-2025-8088 PoC — WinRAR 安全漏洞

Source

https://github.com/travisbgreen/cve-2025-8088

Associated Vulnerability

Title:WinRAR 安全漏洞 (CVE-2025-8088)
Description:WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞，该漏洞源于路径遍历问题，可能导致任意代码执行。

Description

cve-2025-8088_detection

Readme

# CVE-2025-8088: WinRAR Path Traversal Detection

## Overview
This repository documents research and detection strategies for CVE-2025-8088, a path traversal vulnerability in WinRAR. Exploitation of this vulnerability can allow attackers to extract files outside the intended directory, leading to potential system compromise.

Travis via Corelight has developed and released network-based detection signatures and analytics to identify exploitation attempts of CVE-2025-8088.

## References
- [ESET Research](https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/)
- [CVE-2025-8088 Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8088)
- [Sample @ any.run](https://app.any.run/tasks/d8654a4c-260b-4b54-bfef-410be70367ab?p=687a474f15e4c5fc7c408ba1)

## Contact

For more information or access to detection content, contact Corelight support or visit [corelight.com](https://corelight.com).

File Snapshot


 [4.0K]  /data/pocs/962bab64e0a64028bb9efc3e88365a56330d710a
├── [ 627]  CVE_2025_8088_rar_ADS_traversal.yar
├── [1.4K]  cve-2025-8088.rules
├── [ 36M]  merged.pcap
└── [ 976]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!