WinRAR maintainers security patch release for CVE-2025-8088
Security Patch Release
Summary
Hide ▲
Show ▼
WinRAR maintainers released version 7.13 to fix CVE-2025-8088, an actively exploited Windows path-traversal flaw that could enable arbitrary code execution through malicious archives.
Related Happenings
7-Zip security update for symbolic-link ZIP flaws (CVE-2025-11001, CVE-2025-11002)
Security Patch Release
First: 19.11.2025 18:27
Last: 19.11.2025 18:27
Sources 1
About this happening:
**7-Zip** released **version 25.00** in **July 2025** to fix **CVE-2025-11001** and **CVE-2025-11002**, two ZIP symbolic-link flaws that could enable **remote code execution**. Th...
7-Zip security update for symbolic-link ZIP flaws (CVE-2025-11001, CVE-2025-11002)
Security Patch ReleaseAbout this happening: **7-Zip** released **version 25.00** in **July 2025** to fix **CVE-2025-11001** and **CVE-2025-11002**, two ZIP symbolic-link flaws that could enable **remote code execution**. Th...
Latest development: 20.11.2025 12:41
NHS England says threat actors are actively exploiting CVE-2025-11001 in vulnerable 7-Zip installations on Windows, where crafted ZIP symbolic links can write files outside the intended extraction folder and in some scenarios enable remote code execution. The agency also says a proof-of-concept exploit is available.
Astral security patch release for CVE-2025-62518
Security Patch Release
First: 22.10.2025 10:05
Last: 22.10.2025 10:05
Sources 1
About this happening:
**Astral** released **astral-tokio-tar 0.5.6** to fix a **boundary parsing flaw** in TAR processing that could enable **file overwriting** and **remote code execution**. The updat...
Astral security patch release for CVE-2025-62518
Security Patch ReleaseAbout this happening: **Astral** released **astral-tokio-tar 0.5.6** to fix a **boundary parsing flaw** in TAR processing that could enable **file overwriting** and **remote code execution**. The updat...
Timeline
-
11.08.2025 08:54 1 articles · 9mo ago
WinRAR zero-day exploit advertised on Exploit.in
Untyped PhaseThreat actor zeroplayer advertises an alleged WinRAR zero-day exploit on the Russian-language dark web forum Exploit.in for $80,000.
Show sources
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately — thehackernews.com — 11.08.2025 08:54
-
11.08.2025 08:54 1 articles · 9mo ago
RomCom exploits CVE-2025-8088 as a zero-day
Exploitation ObservedESET says RomCom first observed exploiting CVE-2025-8088 as a zero-day on July 18, 2025, using malicious archives with alternate data streams to trigger code execution and deliver backdoors including a SnipBot variant, RustyClaw, and Mythic agent against financial, manufacturing, defense, and logistics companies in Europe and Canada.
Show sources
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately — thehackernews.com — 11.08.2025 08:54
-
11.08.2025 08:54 1 articles · 9mo ago
WinRAR version 7.13 patches CVE-2025-8088
Mitigation Patch UpdateWinRAR maintainers release version 7.13 on July 30, 2025 to fix CVE-2025-8088, a Windows path-traversal flaw that could let specially crafted archives write files outside the intended directory and achieve arbitrary code execution in WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code, and UnRAR.dll; Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET are credited with discovering and reporting the defect.
Show sources
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately — thehackernews.com — 11.08.2025 08:54