Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31334

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Published

2025-04-03T06:15:42.903

Last Modified

2025-07-01T15:10:55.773

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-356

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rarlab	winrar	< 7.11	Yes

References

https://jvn.jp/en/jp/JVN59547048/ Third Party Advisory ([email protected])
https://www.win-rar.com/start.html?&L=0 Release Notes ([email protected])