Statement on CVE 2025-8088 Path traversal vulnerability in WinRAR

August 8, 2025

Information

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Risk

Low

Response

Melissa Data Corporation (“Melissa”) is aware of the WinRAR vulnerability. After an extensive review by Melissa’s IT department and developers, we’ve determined that no customer-facing devices were affected by the vulnerability. Internally, some development environment instances were running vulnerable versions of the software which have been properly patched on August 12, 2025.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.