# CVE-2025-8088: WinRAR Path Traversal Detection
## Overview
This repository documents research and detection strategies for CVE-2025-8088, a path traversal vulnerability in WinRAR. Exploitation can cause files to be extracted outside the intended directory, potentially leading to system compromise.
Travis, via Corelight, has developed and released network-based detection signatures and analytics to identify exploitation attempts of CVE-2025-8088.
## References
- [ESET Research](https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/)
- [CVE-2025-8088 Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8088)
- [Sample @ any.run](https://app.any.run/tasks/d8654a4c-260b-4b54-bfef-410be70367ab?p=687a474f15e4c5fc7c408ba1)
## Contact
For more information or access to detection content, contact Corelight support or visit [corelight.com](https://corelight.com).
```
[4.0K] /data/pocs/962bab64e0a64028bb9efc3e88365a56330d710a
├── [ 627] CVE_2025_8088_rar_ADS_traversal.yar
├── [1.4K] cve-2025-8088.rules
├── [ 36M] merged.pcap
└── [ 976] README.md
0 directories, 4 files
```