New WinRAR Vulnerability Allows Attackers to Bypass Windows Security Prompts

A recently discovered flaw in WinRAR, identified as CVE-2025-31334, enables attackers to bypass the Windows "Mark of the Web" (MotW) security alerts and run malicious code. This vulnerability affects all versions of WinRAR except the latest 7.11 release.

MotW is a Windows security feature that flags files downloaded from the internet and warns users before execution.

By exploiting the flaw, attackers can use a specially crafted symbolic link (symlink) to launch executable files without triggering the MotW prompt—though creating symlinks on Windows requires admin privileges.

The issue, rated with a medium severity score of 6.8, has now been patched in version 7.11. WinRAR acknowledged the problem and resolved it by ensuring that MotW data is not ignored when opening symlinks.

The vulnerability was responsibly disclosed by Shimamine Taihei via Japan’s IT security agencies. This incident follows a trend where similar MotW bypasses, including one in 7-Zip, have been exploited by threat actors to distribute malware covertly.
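As a triage aid for directories extracted with a pre-7.11 WinRAR, the following added example (not code from WinRAR or the original article) lists symbolic links that resolve to launchable file types and reports whether the target carries a MotW tag. It relies on Windows storing MotW in the file's `Zone.Identifier` NTFS alternate data stream as a `[ZoneTransfer]` section with a `ZoneId` value; the extension list and all function names are assumptions made for illustration.

```python
import os
import sys

# Assumption: extensions treated as "launchable" for triage; adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi", ".ps1", ".vbs", ".js", ".lnk"}


def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent or malformed."""
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and line.lower().startswith("zoneid="):
            value = line.split("=", 1)[1].strip()
            return int(value) if value.isdecimal() else None
    return None


def read_motw(path):
    """Read a file's Zone.Identifier alternate data stream (NTFS); None when it has no MotW."""
    try:
        with open(path + ":Zone.Identifier", "r", errors="replace") as fh:
            return parse_zone_id(fh.read())
    except OSError:
        return None


def audit_extracted_tree(root):
    """Report symlinks under root that resolve to a launchable file type."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not descend into linked dirs
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if os.path.splitext(target)[1].lower() in EXECUTABLE_EXTS:
                findings.append({"link": link, "target": target,
                                 "target_zone_id": read_motw(target)})
    return findings


if __name__ == "__main__":
    for f in audit_extracted_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['link']} -> {f['target']} (target ZoneId: {f['target_zone_id']})")
```

A finding is a prompt for review, not proof of exploitation: legitimate archives rarely ship symlinks to executables, so each hit deserves a look at where the archive came from.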
