CVE-2025-31334

NONE EPSS 64.8%
Published Apr 3, 2025 (1y ago) · Last Modified Jun 17, 2026 (1w ago)

Description

WinRAR versions prior to 7.11 contain an issue that bypasses the "Mark of the Web" security warning function for files when a symbolic link that points to an executable file is opened. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Threat Intelligence

EPSS Exploit Probability
64.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-356

Affected Products 1

Vendor | Product | Version | Range
rarlab | winrar  | *       | <7.11

References 2

  • jvn.jp https://jvn.jp/en/jp/JVN59547048/
    Third Party Advisory
  • win-rar.com https://www.win-rar.com/start.html?&L=0
    Release Notes

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.