
Vulnerability in WinRAR Discovered: Attention Users!
A newly discovered vulnerability in the WinRAR archiver allows attackers to install malicious code on users’ computers. Tracked as CVE-2025-31334, this vulnerability affects WinRAR versions prior to 7.11 and carries a CVSS score of 6.8.
Windows’ “Mark of the Web” (MotW) security mechanism flags files downloaded from the internet with a special tag and triggers a warning when a user tries to run them. However, due to the vulnerability in WinRAR, specially crafted symbolic links within malicious archives can bypass this protection.
In this case, when a user opens a malicious archive, WinRAR allows the execution of dangerous code without triggering system alerts.
What Risks Are Involved?
For a successful exploit, the user must open an archive sent by the attacker or visit a compromised web page hosting the malicious file.
While creating symbolic links generally requires administrator rights, the vulnerability can still be exploited through weakened settings or compromised admin accounts.
At present, there are no reports of active exploitation of this vulnerability to spread malware. However, in 2023, vulnerabilities such as CVE-2023-38831 were exploited to distribute malware such as DarkMe and Agent Tesla.
How to Protect Yourself?
✅ Update WinRAR to version 7.11 via the official RARLAB website.
✅ Do not open archives from untrusted sources.
✅ In organizations, restrict the creation of symbolic links to trusted administrators only.
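An added example (not part of the original advisory and not RARLAB code) showing how the first and third recommendations can be audited offline: it flags hosts whose WinRAR version is older than 7.11 and lists any account other than BUILTIN\Administrators that holds SeCreateSymbolicLinkPrivilege in a secedit user-rights export. The inventory, the INF sample and all function names are constructed for illustration, and the allowed list of Administrators only is an assumption.

```python
import configparser
import re

PATCHED = (7, 11)            # first fixed WinRAR release named in the advisory
ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
PRIV = "SeCreateSymbolicLinkPrivilege"

# Constructed sample of `secedit /export /areas USER_RIGHTS /cfg rights.inf`
# (real exports are UTF-16; read them with encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeCreateSymbolicLinkPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed software inventory: host -> WinRAR version string as displayed.
SAMPLE_INVENTORY = {"ws-01": "7.11", "ws-02": "7.01",
                    "ws-03": "6.24.0", "ws-04": "7.12 beta 1"}

def is_vulnerable(version):
    """True when the version is older than 7.11 or cannot be parsed."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        return True  # unknown version: flag for manual review
    return tuple(int(p) for p in m.group(1).split(".")) < PATCHED

def vulnerable_hosts(inventory):
    return sorted(h for h, v in inventory.items() if is_vulnerable(v))

def symlink_holders(inf_text):
    """Accounts or SIDs granted the right to create symbolic links."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the privilege names' original case
    cp.read_string(inf_text)
    raw = cp.get("Privilege Rights", PRIV, fallback="")
    return [e.strip().lstrip("*") for e in raw.split(",") if e.strip()]

def unexpected_holders(inf_text, allowed=(ADMINS_SID,)):
    return [s for s in symlink_holders(inf_text) if s not in allowed]

if __name__ == "__main__":
    print("Hosts needing the 7.11 update:", vulnerable_hosts(SAMPLE_INVENTORY))
    print("Unexpected symlink rights:", unexpected_holders(SAMPLE_INF))
```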
The vulnerability was discovered by Taihei Shimamine from Mitsui Bussan Secure Directions and reported through JPCERT/CC and the Information Security Early Warning Partnership. The WinRAR developers quickly released a fix, but such threats may recur. Therefore, users must keep their software up to date and adhere strictly to security practices.
Popular software like WinRAR not only provides convenience but also brings potential risks. Methods to bypass the Mark of the Web have also been found in other tools like 7-Zip (e.g., CVE-2025-0411). As such, every user should keep their systems updated and treat suspicious files with caution.
🔒 Security is in your hands!