WinRAR users have been urged to promptly upgrade to version 7.11 in response to a critical vulnerability (CVE-2025-31334). The flaw could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute unauthorized code on affected machines.
The issue lies in how WinRAR handles symbolic links (symlinks), which are pointers to other files or directories. An attacker can exploit it by creating an archive containing a symlink that points to an executable file. When this symlink is started from the WinRAR shell, the executable's Mark of the Web data is disregarded. Consequently, users who open such files downloaded from the internet will not receive a warning about the potential dangers of the file and will unknowingly run the executable when prompted.
Given the widespread use of WinRAR by over 500 million users globally, threat actors have historically targeted vulnerabilities in the software to distribute malware. Furthermore, vulnerabilities that enable attackers to bypass MotW, similar to the one identified in this instance, are particularly favored by threat actors due to their ability to evade security measures and facilitate the delivery of malicious payloads.
Although the reported vulnerability (CVE-2025-31334) was brought to light by Taihei Shimamine of Mitsui Bussan Secure Directions, there have been no documented cases of attackers exploiting it thus far. The severity of the flaw is categorized as medium, primarily because attackers would require elevated privileges to successfully exploit it, presenting a significant barrier.
Despite the potential obstacles for attackers, WinRAR users are strongly advised to update their software to version 7.11 at the earliest opportunity. It is worth noting that WinRAR does not have an automatic update feature, highlighting the importance of proactive manual updates to mitigate the risk posed by such vulnerabilities.
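Because updates are manual, installed versions have to be checked host by host. The following PowerShell audit is an added example, not code from WinRAR or from the advisory; it assumes WinRAR registers a standard uninstall entry whose `DisplayName` starts with "WinRAR" and whose `DisplayVersion` is numeric (for example `7.11.0`).

```powershell
# Added example: flag WinRAR installs older than 7.11, the fixed release named above.
$FixedVersion = [version]'7.11'

function ConvertTo-WinRARVersion {
    param([string]$Raw)
    # Keep only the leading numeric part, e.g. "7.10.0 beta" -> 7.10.0
    if ($Raw -match '^\d+(\.\d+){1,3}') { return [version]$Matches[0] }
    return $null
}

function Get-WinRARInstall {
    # Machine-wide (64- and 32-bit views) and per-user uninstall entries.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |   # assumed display name
        ForEach-Object {
            $raw = $_.DisplayVersion
            # Fall back to the binary's version resource if the registry value is empty.
            $exe = if ($_.InstallLocation) { Join-Path $_.InstallLocation 'WinRAR.exe' }
            if (-not $raw -and $exe -and (Test-Path $exe)) {
                $raw = (Get-Item $exe).VersionInfo.ProductVersion
            }
            $v = ConvertTo-WinRARVersion $raw
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $raw
                Status   = if ($null -eq $v) { 'Unknown' }
                           elseif ($v -lt $FixedVersion) { 'NeedsUpdate' }
                           else { 'Patched' }
            }
        }
}

Get-WinRARInstall | Format-Table -AutoSize
```

Versions are compared as `[version]` objects rather than strings, so `7.01` sorts below `7.11` and `7.11.0` counts as patched.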
By remaining vigilant and proactive in updating software and following security best practices, users can protect themselves against evolving cyber threats and safeguard their digital assets.