WinRAR < 5.00 Filename Spoofing RCE

Advisories

severity: critical
date: July 25, 2025
Affecting: WinRAR 3.80 - 3.91
WinRAR 4.11 - 5.00
CVE: CVE-2014-125119
CVE type: Unrestricted File Upload
CVSS: 8.4
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: Vendor Advisory
Researcher Disclosure
Exploitation Evidence
Metasploit Module
Credit: chr1x
VulnCheck KEV: This advisory is in the VulnCheck KEV database