MEDIUM 6.8
CVE-2025-31334
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS
0.1%
percentile 25.2%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| rarlab | winrar | Windows | <7.11 | cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* |