vulnerability

Rarlab WinRAR: WinRAR vulnerable to the symbolic link based 'Mark of the Web' check bypass (CVE-2025-31334)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:M/Au:M/C:C/I:C/A:C)	Apr 17, 2025	Apr 17, 2025	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:M/C:C/I:C/A:C)

Published

Apr 17, 2025

Added

Apr 17, 2025

Modified

Aug 11, 2025

Description

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Solution

rarlab-winrar-upgrade-7_11

References

CVE-2025-31334
https://attackerkb.com/topics/CVE-2025-31334
CWE-356

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report