CVE-2025-31334

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability : 0.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN59547048/	Third Party Advisory
https://www.win-rar.com/start.html?&L=0	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*

History

01 Jul 2025, 15:10

Type	Values Removed	Values Added
First Time		Rarlab winrar Rarlab
References	~~() https://jvn.jp/en/jp/JVN59547048/ -~~	() https://jvn.jp/en/jp/JVN59547048/ - Third Party Advisory
References	~~() https://www.win-rar.com/start.html?&L=0 -~~	() https://www.win-rar.com/start.html?&L=0 - Release Notes
CPE		cpe:2.3:a:rarlab:winrar::::::::

07 Apr 2025, 14:18

Type	Values Removed	Values Added
Summary		(es) En versiones de WinRAR anteriores a la 7.11, existe un problema que omite la función de advertencia de seguridad "Mark of the Web" al abrir un enlace simbólico que apunta a un archivo ejecutable. Si se abre un enlace simbólico manipulado específicamente por un atacante en el producto afectado, se podría ejecutar código arbitrario.

03 Apr 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-03 06:15

Updated : 2025-07-01 15:10

NVD link : CVE-2025-31334

Mitre link : CVE-2025-31334

CVE.ORG link : CVE-2025-31334

JSON object : View

Products Affected

rarlab

winrar

CWE

CWE-356

Product UI does not Warn User of Unsafe Actions

6.8 /10