CVE-2025-31334 MEDIUM

CVE-2025-31334

Vendor Rarlab
Product WinRAR
Weakness CWE-356
Published April 3, 2025
Last update April 3, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Key dates

02Disclosure timeline

April 3, 2025 CVE published
April 3, 2025 Record updated