1.0 Introduction
Recently, WinRAR released security issue to address a zero-day path traversal vulnerability in the Windows version of WinRAR tracked as CVE-2025-8088 (High).
2.0 Impact
Successful exploitation of this vulnerability could allow specially crafted archives to manipulate the extraction process, placing malicious files in unintended system locations without user awareness and execute arbitrary code on victims’ systems.
3.0 Affected Products
- Windows versions of WinRAR (including previous releases of RAR, UnRAR, portable UnRAR source code and UnRAR.dll)
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the following link and apply the latest update:
Kindly, please refer to the URL below : https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5
Generally, CyberSecurity Malaysia advises the users of these devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact us through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.cybersecurity.my
5.0 References