CVE-2025-31334
First published: Thu Apr 03 2025(Updated: )
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WinRAR | <7.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-31334?
CVE-2025-31334 has a severity rating that indicates it allows for arbitrary code execution from crafted symbolic links.
How do I fix CVE-2025-31334?
To fix CVE-2025-31334, upgrade WinRAR to version 7.11 or later.
What versions of WinRAR are affected by CVE-2025-31334?
WinRAR versions prior to 7.11 are affected by CVE-2025-31334.
What type of attack is possible with CVE-2025-31334?
CVE-2025-31334 allows an attacker to execute arbitrary code through specially crafted symbolic links.
Is it safe to open symbolic links in WinRAR prior to version 7.11?
No, it is not safe to open symbolic links in WinRAR versions prior to 7.11 due to the vulnerability in CVE-2025-31334.
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2025-31334
- agent/news-ai
- agent/source
- agent/severity
- agent/references
- agent/tags
- agent/event
- agent/trending
- vendor/winrar
- canonical/winrar