CVE-2025-31334

Summary

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Affected Software

VendorProductVersion RangeStatus
RARLABWinRARprior to 7.11affected

Weaknesses

  • CWE-356: Product UI does not warn user of unsafe actions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References