AI description
CVE-2025-31334 is a vulnerability affecting WinRAR versions prior to 7.11. It involves a bypass of the "Mark of the Web" (MotW) security warning. This function typically alerts users when opening files from untrusted sources, such as the internet. The vulnerability stems from how WinRAR handles symbolic links. An attacker can create a malicious .rar archive containing a specially crafted symbolic link that points to an executable file. When a user extracts and opens this symbolic link, the executable file runs without displaying the usual MotW warning, potentially leading to arbitrary code execution.
- Description
- Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
- Source
- vultures@jpcert.or.jp
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- vultures@jpcert.or.jp
- CWE-356
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
23
🚨 ¡Alerta de seguridad! Se ha detectado la vulnerabilidad WinRAR CVE-2025-31334. Descubre los riesgos, detalles y cómo protegerte en nuestro análisis completo 👉 https://t.co/aj5ZNJOfu5 #Seguridad #Cybersecurity #WinRAR
@Tecnohack_ES
4 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
اكتشاف ثغرة جديدة على WinRar CVE-2025-31334 الثغره موجودة من اصدار 7.11 وقبل الثغره تسمح للمهاجم بتشغيل اوامر خبيثه على مستعمل البرنامج كل الي عليك تحدث البرنامج لاخر نسخه 👍🏽 https://t.co/zwdaTLOEaK
@HereHuss
4 Apr 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
WinRAR MotW Vulnerability CVE-2025-31334 Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is ht
@CareWeDoNot
4 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31334: ข้อบกพร่องของ WinRAR ช่วยให้ Mark-of-the-Web Bypass และการประมวลผลรหัสโดยพลการ https://t.co/dbBJsZGSEM
@freedomhack101
4 Apr 2025
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31334 Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions… https://t.co/BB91ICBZAM
@CVEnew
3 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WinRAR flaw (CVE-2025-31334) bypasses Mark-of-the-Web protections, enabling arbitrary code execution via malicious archives. Patch immediately: https://t.co/eYj4qiZJoi #CyberSecurity #Vulnerability
@adriananglin
3 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31334: WinRAR Flaw Enables Mark-of-the-Web Bypass and Arbitrary Code Execution https://t.co/Nmu2a7ERrG
@Dinosn
3 Apr 2025
9742 Impressions
64 Retweets
156 Likes
43 Bookmarks
2 Replies
1 Quote
CVE-2025-31334: WinRAR Flaw Enables Mark-of-the-Web Bypass and Arbitrary Code Execution Learn about CVE-2025-31334, a new vulnerability in #WinRAR that can bypass Windows security and execute malicious code. https://t.co/bQjOjXeKXX
@the_yellow_fall
3 Apr 2025
30 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-31334 WinRAR Symbolic Link Security Bypass Enabling Arbitrary Code Execution Prior to 7.11 https://t.co/oMrDCe5Oyr
@VulmonFeeds
3 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes