Thought Leadership
A recently discovered vulnerability in the popular WinRAR archiving software (CVE-2025-31334) is causing a stir: It allows attackers to bypass the security warnings integrated into Windows – known as “Mark of the Web” (MotW).
This function marks files from the Internet as potentially dangerous and warns the user when they are opened. The vulnerability makes it possible to access a file within an archive via so-called symlinks without the warning appearing. If the symlink is opened, arbitrary code can be executed – under the radar of the usual protective measures.
Discovered by Japanese security researchers
The problem was discovered by experts from the Japanese company Mitsui Bussan Secure Directions. They reported the vulnerability via the national cyber security agency IPA. The WinRAR developers have already responded: The leak has been closed with version 7.11.
Only with admin rights – but not harmless
According to the Common Vulnerability Scoring System (CVSS) rating system, the vulnerability has a threat level of 6.8 – which is considered medium. The reason: exploiting the vulnerability requires administrator rights, which limits the circle of potential attackers. Nevertheless, there is still a risk: hacker groups have exploited similar gaps in the past, for example in the 7-Zip software.
Quick update strongly recommended
All WinRAR versions prior to 7.11 are affected. Anyone using WinRAR should urgently carry out an update to protect themselves against possible attacks. Past experience shows that such vulnerabilities rarely go unused. An up-to-date system is the best defense against cyber threats.
(vp/8com GmbH & Co. KG)
