CVE-2025-31334

Medium CVSS: 6.8

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Vendor

Rarlab

Product

Winrar

CWE

CWE-356

Yayın Tarihi

2025-04-03 06:15:42

Güncelleme

2025-07-01 15:10:55

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-356 Winrar MEDIUM Rarlab 2025

Referanslar

https://jvn.jp/en/jp/JVN59547048/ https://www.win-rar.com/start.html?&L=0

Benzer Kayıtlar

Low

CVE-2025-14111

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown pa…

Medium

CVE-2025-52331

Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to…

High

CVE-2025-8088

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by…

High

CVE-2025-6218

RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to exe…