PRP: Detector for WinRAR Path Traversal RCE (CVE-2025-8088)

[wannabemrrobot]

• Identifier of the vulnerability: CVE-2025-8088
• Affected software: WinRAR
  I would like to code a static detector to detect this high(CVSS v4 base score: 8.4) impact RCE which is relatively new at the time of this request. This vulnerability affects all windows systems using certain version of WinRAR zip utility. Kindly, let me know if it is okay to start the development.
• Type of vulnerability: Arbitrary Code Execution(RCE)
• Resources:
  CVE-2025-8088 Vuln Detail
  Another blog post for reference

[github-actions]

This issue has been put in your contributor queue. This usually
means that you already are working on a contribution and the
panel is waiting for your other contributions to be fully
merged.
An issue in your queue is not pre-approved. Any issue that is
not explicitely approved by the panel will not be eligible for
a reward.
Unless there is an emergency, an issue in your queue cannot be
claimed by another contributor.
~The OSV-SCALIBR PRP team

[wannabemrrobot]

Hi @erikvarga ,

I noticed that my WinRAR (CVE-2025-8088) PRP request is currently in the contributor queue hold. Since this CVE was published only a few days ago and qualifies as an emergent vulnerability with high rating, I just wanted to check if I should continue focusing on the accepted PRP #1132 or switch to working on this detector instead.

Your quick guidance will help ensure we make the most of this short opportunity window.

Thanks,
-- Wannabe Mr.Robot

[wannabemrrobot]

@erikvarga This is a follow-up for the above comment. Can you help with this?

[erikvarga]

Hi,

What detection method would you use for this CVE? Is there any special config needed for a vulnerable version to be exploitable? i.e. Would a custom detector be more accurate than using SCALIBR's existing extracting software inventory capabilities and using a vuln feed such as OSV.dev?

[wannabemrrobot]

Hi @erikvarga ,

I am aiming my custom detector to solve these issues:

1. Portable copies don’t register themselves.
2. non-default paths live outside typical scan scopes
3. WinRAR’s varied version/name strings break naive normalization.
   Thus, a small detector that does path-agnostic discovery + robust version parsing closes these gaps and then hands off to OSV matching.

[erikvarga]

Thanks for the context @wannabemrrobot - We decided to move this to the top of the queue based on the recency of the CVE and the improvements in detection quality. Feel free to start working on this instead of #1132.

[github-actions]

Congratulations, your request has been approved! 🎉
This means that you can start working on this contribution.
❗ Please take a moment to fill the participation form
If you are unsure where to start, we have compiled a set of
useful guides in our documentation:

• Writing a new vulnerability detector plugin
• Writing a new inventory extraction plugin
• Main directory for secret detectors - More detailed docs will be available soon!
• General style guide

~The OSV-SCALIBR PRP team

[wannabemrrobot]

@erikvarga
CVE-2025-8088 detector PR #1187