WinRAR Zero-Day Path Traversal Vulnerability (CVE‑2025‑8088)

LetsDefend Monitoring Alert

Aug, 15, 2025, 08:31 AM

Event ID: 321

Event Time: Aug, 15, 2025, 08:31 AM

Rule Name: SOC343 - WinRAR Zero-Day Path Traversal Vulnerability (CVE‑2025‑8088)

Alert Type: Malware

MITRE Technique:

T1021 - Lateral Movement - Remote Services,

T1587 - Resource Development - Develop Capabilities,

T1588 - Resource Development - Obtain Capabilities,

T1608 - Resource Development - Stage Capabilities,

T1087 - Discovery - Account Discovery,

T1552.001 - Credential Access - Unsecured Credentials: Credentials In Files,

T1546 - Persistence - Event Triggered Execution,

T1566.001 - Initial Access - Phishing: Spearphishing Attachment,

T1555 - Credential Access - Credentials from Password Stores,

T1027 - Defense Evasion - Obfuscated Files or Information,

T1560 - Collection - Archive Collected Data,

T1036 - Defense Evasion - Masquerading,

T1546 - Persistence - Event Triggered Execution,

T1204.001 - Execution - User Execution: Malicious Link,

T1497 - Defense Evasion - Virtualization/Sandbox Evasion,

T1547.001 - Persistence - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder,

T1036.001 - Defense Evasion - Masquerading: Invalid Code Signature,

T1518 - Discovery - Software Discovery,

T1583 - Resource Development - Acquire Infrastructure,

T1546.015 - Persistence - Event Triggered Execution: Component Object Model Hijacking,

T1480 - Defense Evasion - Execution Guardrails,

T1657 - Impact - Financial Theft,

Real World Example:⭐ On July 18th, 2025, ESET researchers discovered a zero-day vulnerability in WinRAR being exploited in the wild.

Severity: Critical

Incident Responder

45305 Catalina ct. Suite 150, Sterling VA 20166