Summary: A vulnerability in WinRAR allows attackers to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on Windows machines. This issue, tracked as CVE-2025-31334, affects all WinRAR versions prior to 7.11 and was discovered through responsible disclosure by researchers in Japan. The latest version of WinRAR has addressed this security flaw.
Affected: WinRAR (versions prior to 7.11)
Keypoints :
- The CVE-2025-31334 vulnerability enables arbitrary code execution via a symbolic link that bypasses MotW warnings.
- This vulnerability was assigned a medium severity score of 6.8 and was reported by a researcher affiliated with Mitsui Bussan Secure Directions.
- WinRAR version 7.11 offers a fix and includes features to enhance user privacy by removing certain MotW data associated with executable files.