PT-2025-46677 · Rarlab · Winrar
Published: 2025-11-12 · Updated: 2025-12-31 · CVE-2025-52331
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WinRAR version 7.11
Description
A cross-site scripting (XSS) issue exists in the "generate report" functionality. It can allow attackers to disclose user information, including the computer username, the generated report directory, and the IP address. The issue occurs because the generate report command writes archived file names into the HTML report without validation, which enables the injection of potentially malicious HTML tags. User interaction is required: the user must use the "generate report" functionality and open the resulting report.
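The flaw class described above, shown as an added illustration that is not WinRAR's code or report format: a report generator that writes archive member names into HTML as-is, beside a version that escapes them, plus a check that flags names containing HTML metacharacters. The table layout, the function names and the in-memory ZIP sample (used here in place of a RAR archive) are assumptions made for the example.

```python
import html
import io
import zipfile

# Characters that change meaning when a name is pasted into HTML unescaped.
HTML_META = set('<>&"\'')

def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary name and one name carrying HTML markup."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/readme.txt", "ordinary entry")
        zf.writestr("<b>bold</b>.txt", "name contains markup")
    return buf.getvalue()

def member_names(archive: bytes) -> list[str]:
    """Read the stored member names back out of the archive."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.namelist()

def suspicious_names(names):
    """Names that would be interpreted as markup if written unescaped."""
    return [n for n in names if HTML_META & set(n)]

def report_unescaped(names) -> str:
    """The flawed pattern from the description: names go into HTML as-is."""
    rows = "".join(f"<tr><td>{n}</td></tr>\n" for n in names)
    return f"<table>\n{rows}</table>\n"

def report_escaped(names) -> str:
    """Hardened form: every name is HTML-escaped before it is written."""
    rows = "".join(
        f"<tr><td>{html.escape(n, quote=True)}</td></tr>\n" for n in names
    )
    return f"<table>\n{rows}</table>\n"

if __name__ == "__main__":
    names = member_names(build_sample_archive())
    print("flagged:", suspicious_names(names))
    print(report_unescaped(names))
    print(report_escaped(names))
```

In the escaped report the second name is rendered as literal text, while the unescaped report hands the same name to the browser as markup.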
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Winrar