CVE-2023-38831
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
19 articles
EPSS Score
Source: FIRST.org · 2026-05-24
This CVE has a 93.88% probability of being exploited in the next 30 days.
Top 99.9th percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
Description
Project Zero: Issue in the processing of the ZIP format
Attack Intelligence
Google Project Zero
Discovered
July 10, 2023
Patched
Aug. 2, 2023
Reported by
Andrey Polovinkin of Group-IB Threat Intelligence
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-38831.html
Exploits & PoC
b1tg/CVE-2023-38831-winrar-exploit
CVE-2023-38831 winrar exploit generator
789
Garck3h/cve-2023-38831
A tool for generating a POC for the WinRAR RCE (i.e. cve-2023-38831).
128
ignis-sec/CVE-2023-38831-RaRCE
An easy to install and easy to run tool for generating exploit payloads for CVE-2023-38831, WinRAR RCE before versions 6.23
114
HDCE-inc/CVE-2023-38831
CVE-2023-38831 PoC (Proof Of Concept)
90
Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE
Steps required to obtain a reverse shell by exploiting the WinRAR vulnerability CVE-2023-38831 in versions prior to 6.23.
22
xaitax/WinRAR-CVE-2023-38831
This module exploits a vulnerability in WinRAR (CVE-2023-38831). When a user opens a crafted RAR file and its embedded document, a script is executed,
16
MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC
This is a POC for the CVE-2023-3883 exploit targeting WinRAR up to 6.22. Modified some existing internet-sourced POCs by introducing greater dynamism
13
ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc
CVE-2023-38831 winrar exploit generator and get reverse shell
11
8 repos, sorted by ⭐
WinRAR zero-day exploited since April to hack trading accounts
BleepingComputer
Aug 23, 2023
Hackers used new Windows Defender zero-day to drop DarkMe malware
BleepingComputer
Feb 13, 2024
Defense Lessons From the Black Basta Ransomware Playbook
Qualys
Feb 25, 2025
Signal Intelligence
Confidence
87%
EPSS
93.88%
Mentions
19
Last Seen
Feb 25, 2025
CNA Information
Analyst Note
CVE-2023-38831 is a well-documented WinRAR arbitrary code execution vulnerability with a HIGH CVSS score (7.8) and confirmation by Google Project Zero, establishing strong credibility. The vulnerability involves a path traversal flaw where ZIP archives can exploit file/folder name collisions to execute malicious content, with clear technical details and demonstrated real-world exploitation potential.
Threat Actors 94
MuddyWater · apt_group · Information theft and espionage · 🇮🇷 IR
Lazarus Group · apt_group · Information theft and espionage · 🇰🇵 KP
Turla Group · apt_group · Information theft and espionage · Russian Federation
APT 29 · apt_group · Information theft and espionage · 🇷🇺 RU
DarkHotel · apt_group · Information theft and espionage · 🇰🇷 KR
Mustang Panda · apt_group · Information theft and espionage · 🇨🇳 CN
Cobalt · apt_group · Financial crime · 🇷🇺 RU
APT37 · apt_group · Information theft and espionage · 🇰🇵 KP
FIN7 · apt_group · Financial crime · 🇷🇺 RU
APT32 · apt_group · Information theft and espionage · 🇻🇳 VN
Kimsuky · apt_group · Information theft and espionage · 🇰🇷 KR
SaintBear · apt_group · Information theft and espionage · 🇷🇺 RU
CHRYSENE · apt_group · Information theft and espionage · 🇮🇷 IR
Harvester · apt_group · Information theft and espionage · Unknown
Careto · apt_group · Information theft and espionage · 🇪🇸 ES
Leviathan · apt_group · Information theft and espionage · 🇨🇳 CN
BelialDemon · apt_group · 🇷🇺 RU
Ghostwriter · apt_group · 🇧🇾 BY
Hacking Team · apt_group · 🇮🇹 IT
Energetic Bear · apt_group · Information theft and espionage · 🇷🇺 RU
Nitro · apt_group · Information theft and espionage · 🇨🇳 CN
MAGNALLIUM · apt_group · Sabotage and destruction · 🇮🇷 IR
Ice Fog · apt_group · Information theft and espionage · 🇨🇳 CN
DNSpionage · apt_group · Information theft and espionage · 🇮🇷 IR
Kinsing · apt_group · 🇷🇺 RU
Gamaredon Group · apt_group · Information theft and espionage · 🇷🇺 RU
Dropping Elephant · apt_group · Information theft and espionage · 🇮🇳 IN
UAC-0020 · apt_group · 🇺🇦 UA
APT3 · apt_group · Information theft and espionage · 🇨🇳 CN
Operation C-Major · apt_group · Information theft and espionage · 🇵🇰 PK
HAZY TIGER · apt_group · Information theft and espionage · 🇮🇳 IN
ELECTRUM · apt_group · Information theft and espionage · 🇷🇺 RU
Infy · apt_group · Information theft and espionage · 🇮🇷 IR
Naikon · apt_group · Information theft and espionage · 🇨🇳 CN
SideCopy · apt_group · Information theft and espionage · 🇵🇰 PK
TA570 · apt_group · 🇷🇺 RU
Wekby · apt_group · Information theft and espionage · 🇨🇳 CN
Evilnum · apt_group · Information theft and espionage
TeamTNT · apt_group · 🇩🇪 DE
ProjectSauron · apt_group · Information theft and espionage · 🇺🇸 US
Predatory Sparrow · apt_group · Sabotage and destruction · 🇮🇱 IL
PROMETHIUM · apt_group · Information theft and espionage · 🇹🇷 TR
TA428 · apt_group · Information theft and espionage · 🇨🇳 CN
Silence group · apt_group · Financial crime · 🇷🇺 RU
SideWinder · apt_group · 🇮🇳 IN
Callisto · apt_group · Information theft and espionage · 🇷🇺 RU
Pirate Panda · apt_group · Information theft and espionage · 🇨🇳 CN
GhostNet · apt_group · Information theft and espionage · 🇨🇳 CN
VICEROY TIGER · apt_group · Information theft and espionage · 🇮🇳 IN
RAZOR TIGER · apt_group · Information theft and espionage · 🇮🇳 IN
[Unnamed group] · apt_group · 🇨🇳 CN
RomCom · apt_group · Financial gain · 🇷🇺 RU
Larva-208 · apt_group · 🇷🇺 RU
Putter Panda · apt_group · Information theft and espionage · 🇨🇳 CN
Opal Sleet · apt_group · 🇰🇵 KP
Roaming Mantis · apt_group · 🇯🇵 JP
NetTraveler · apt_group · Information theft and espionage · 🇨🇳 CN
Twisted Panda · apt_group · Information theft and espionage · 🇨🇳 CN
PhantomCore · apt_group · 🇷🇺 RU
El Machete · apt_group · Information theft and espionage · 🇻🇪 VE
APT-C-27 · apt_group · Information theft and espionage · 🇸🇾 SY
TeamXRat · apt_group · 🇧🇷 BR
IXESHE · apt_group · Information theft and espionage · 🇨🇳 CN
Anchor Panda · apt_group · Information theft and espionage · 🇨🇳 CN
GCMAN · apt_group · Financial crime · 🇷🇺 RU
PowerPool · apt_group · Information theft and espionage · 🇷🇺 RU
Blue Termite · apt_group · Information theft and espionage · 🇨🇳 CN
APT 22 · apt_group · Information theft and espionage · 🇨🇳 CN
Blackgear · apt_group · Information theft and espionage · 🇨🇳 CN
Head Mare · apt_group · 🇺🇦 UA
GC01 · apt_group · Financial gain · 🇨🇦 CA
UAC-0050 · apt_group · 🇷🇺 RU
UAC-0063 · apt_group · 🇷🇺 RU
Rocke · apt_group · 🇨🇳 CN
RedAlpha · apt_group · Information theft and espionage · 🇨🇳 CN
APT 6 · apt_group · Information theft and espionage · 🇨🇳 CN
GOFFEE · apt_group · 🇷🇺 RU
PKPLUG · apt_group · Information theft and espionage · 🇨🇳 CN
Scarab · apt_group · Information theft and espionage · 🇨🇳 CN
ZooPark · apt_group · Information theft and espionage · 🇮🇷 IR
ToddyCat · apt_group · Information theft and espionage · 🇨🇳 CN
Pat Bear · apt_group · 🇸🇾 SY
Operation Digital Eye · apt_group · Information theft and espionage · 🇨🇳 CN
ExCobalt · apt_group · 🇷🇺 RU
Unnamed Actor · apt_group · 🇨🇳 CN
Operation Parliament · apt_group · Information theft and espionage · 🇵🇰 PK
Mana Team · apt_group · 🇨🇳 CN
Iron Group · apt_group · Information theft and espionage · 🇨🇳 CN
Poisonous Panda · apt_group · Information theft and espionage · 🇨🇳 CN
Operation Ghoul · apt_group · Information theft and espionage
Lurk · apt_group · Financial crime · 🇷🇺 RU
DarkCasino · apt_group · Financial gain
UAC-0099 · apt_group · 🇺🇦 UA
Unit 29155 · apt_group · Sabotage and destruction · 🇷🇺 RU
Triage Info
Decided at: Mar 03, 2026