CVE-2025-8088 PoC — WinRAR 安全漏洞

Source

https://github.com/nyra-workspace/CVE-2025-8088

Associated Vulnerability

Title:WinRAR 安全漏洞 (CVE-2025-8088)
Description:WinRAR是WinRAR公司的一款文件压缩器。该产品支持RAR、ZIP等格式文件的压缩和解压等。 WinRAR存在安全漏洞，该漏洞源于路径遍历问题，可能导致任意代码执行。

Readme

# WinRAR CVE-2025-8088: Exploiting the Vulnerability

This readme provides a proof of concept (PoC) for exploiting CVE-2025-8088 in WinRAR. The vulnerability allows an attacker to change the executable file that gets run when a user interacts with a .ZIP file through WinRAR.

## Overview

The exploit involves modifying a specific registry key to point to a different executable. This can be used to run arbitrary commands or execute malicious code.

## Prerequisites

- Windows operating system
- Administrative privileges
- WinRAR installed

## Exploit Details

The vulnerable registry key is located at:
HKEY_CLASSES_ROOT\WinRAR.ZIP\shell\open\command

By modifying this key, an attacker can change the command that is executed when a .ZIP file is opened with WinRAR.

File Snapshot


 [4.0K]  /data/pocs/df30105426ffa3d9fb073d44d37eacf250deafa8
└── [ 772]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!