PoC details: a5dc0aad2c7e75da17627e3a1366232a99841561

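Source
Related vulnerability
Title: WinRAR security vulnerability (CVE-2025-8088)
Description: WinRAR is a file archiver from the WinRAR company. It supports compressing and extracting files in formats such as RAR and ZIP. WinRAR contains a security vulnerability that stems from a path traversal issue and may lead to arbitrary code execution.
Description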
Proof-of-Concept for CVE-2025-8088 vulnerability in WinRAR (path traversal via ADS)
Introduction
# PoC for CVE-2025-8088: Path Traversal in WinRAR

## Vulnerability Description ☢️
CVE-2025-8088 (CVSS 8.4) is a path traversal vulnerability in WinRAR ≤7.12 that allows files to be placed outside the unpacking directory via alternate data streams (ADS) in a RAR archive. It is exploited to deliver malware to system folders such as Startup (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup), for persistence.

The archive contains a decoy file with ADS whose names include ..\ sequences for traversal. When extracting, WinRAR places the stream content in the traversed path.
- ⚙️Techniques: Path traversal + NTFS ADS to hide the payload.
- ❗Danger: Automatically launches malware on reboot without notifying the user.
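
A defensive pre-extraction check for the pattern described above, as an added example that is not part of the original PoC or of WinRAR. It assumes the extractor has already parsed each archive entry into a (file name, stream name) pair; the function names, destination path and sample entries are constructed for illustration.

```python
import ntpath  # Windows path rules, so the check behaves the same on any OS

def escapes(dest, rel):
    """True if dest joined with rel resolves outside dest."""
    dest_n = ntpath.normcase(ntpath.normpath(dest))
    # join() discards dest when rel is absolute or carries a drive letter,
    # and normpath() collapses ".." components, so one comparison covers both.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(dest_n, rel)))
    # The trailing separator stops "...\out" from matching "...\outside.txt".
    return not (full == dest_n or full.startswith(dest_n.rstrip("\\") + "\\"))

def has_separator(stream):
    """A stream name is a single name, not a path: any separator is suspect."""
    return any(sep in stream for sep in ("\\", "/"))

def audit(dest, entries):
    """Return (name, stream, reason) for every entry that should be refused."""
    findings = []
    for name, stream in entries:
        if escapes(dest, name):
            findings.append((name, stream, "entry path leaves destination"))
        elif stream is not None and has_separator(stream):
            findings.append((name, stream, "stream name contains a path"))
    return findings

# Constructed sample data (hypothetical destination and entries).
DEST = "C:\\Users\\u\\Downloads\\out"
SAMPLE = [
    ("resume.txt", None),                                     # plain file
    ("resume.txt", ":Zone.Identifier"),                       # ordinary stream
    ("resume.txt", ":..\\..\\..\\placeholder\\payload.bat"),  # traversal in stream
    ("..\\outside.txt", None),                                # traversal in entry
    ("docs/readme.md", None),                                 # nested, still inside
]

if __name__ == "__main__":
    for name, stream, reason in audit(DEST, SAMPLE):
        print(f"REFUSE {name}{stream or ''}: {reason}")
```
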

🟩Usage:
Install WinRAR (rar.exe in PATH).
Prepare the payload (for example, a bat script: echo Malware > %TEMP%\infected.txt).
Run: python poc.py --decoy resume.txt --payload evil.bat --out exploit.rar
Unpack exploit.rar in vulnerable WinRAR - the payload will end up in Startup.

🟥Disclaimer
For research only. The author is not responsible for misuse. Test in an isolated environment.

📄Sources: ESET Research, NVD.
File snapshot

[4.0K] /data/pocs/a5dc0aad2c7e75da17627e3a1366232a99841561
├── [1.0K] LICENSE
├── [2.4K] poc.py
└── [1.2K] README.md

0 directories, 3 files