PT-2025-14579 · Winrar · Winrar

Published 2025-03-28 · Updated 2025-08-15 · CVE-2025-31334

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WinRAR versions prior to 7.11

Description

The issue bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. This vulnerability allows attackers to bypass Windows security features and execute malicious code.

Recommendations

Update to WinRAR version 7.11 or newer to fix the vulnerability. As a temporary workaround, consider avoiding the use of symbolic links in archives until the issue is resolved. Additionally, users should be cautious when opening archives from untrusted sources and verify the integrity of the archives before opening them.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-03738
CVE-2025-31334

Affected Products

Winrar