Published: 2025/04/03  Last Updated: 2025/04/03

JVN#59547048
WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

Overview

WinRAR provided by RARLAB is vulnerable to a symbolic-link-based "Mark of the Web" check bypass.

Products Affected

  • WinRAR versions prior to 7.11

Description

WinRAR provided by RARLAB contains a vulnerability that allows the "Mark of the Web" security warning to be bypassed (CWE-356) when a symbolic link that points to an executable file is opened.
In the default Windows configuration, only administrators have the privilege to create symbolic links.

Impact

If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.
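
Added example (not part of the JVN advisory or of RARLAB's code): a Python triage script for hosts still running a version prior to 7.11. It walks a directory, lists symbolic links that resolve to executable files, and reports the target's "Mark of the Web" ZoneId read from its Zone.Identifier stream. The extension list, the function names and the sample tree are assumptions of this example.

```python
import os
import re
import tempfile

# Extensions treated as executable: an assumption of this example, not a list from the advisory.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi"}


def read_zone_id(path):
    """Return ZoneId from the Zone.Identifier stream (the Mark of the Web), or None if absent."""
    try:
        # Alternate data streams exist only on NTFS; elsewhere this open simply fails.
        with open(path + ":Zone.Identifier", errors="replace") as stream:
            match = re.search(r"^ZoneId\s*=\s*(\d+)", stream.read(), re.MULTILINE)
    except OSError:
        return None
    return int(match.group(1)) if match else None


def find_executable_symlinks(root):
    """Return (link, target, target_zone_id) for each symlink under root that resolves to an executable."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            ext = os.path.splitext(target)[1].lower()
            if os.path.isfile(target) and ext in EXECUTABLE_EXTS:
                findings.append((link, target, read_zone_id(target)))
    return findings


def demo():
    """Constructed sample tree: one symlink to an .exe, one to a .txt (needs symlink privilege on Windows)."""
    root = tempfile.mkdtemp()
    for name in ("tool.exe", "notes.txt"):
        with open(os.path.join(root, name), "w") as handle:
            handle.write("constructed sample")
    os.symlink(os.path.join(root, "tool.exe"), os.path.join(root, "link_to_tool"))
    os.symlink(os.path.join(root, "notes.txt"), os.path.join(root, "link_to_notes"))
    return root, find_executable_symlinks(root)


if __name__ == "__main__":
    for link, target, zone in demo()[1]:
        print(f"{link} -> {target} (target ZoneId: {zone})")
```

A ZoneId of 3 marks a file as coming from the Internet zone; None means the target carries no Mark of the Web or the file system has no alternate data streams.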

Vendor Status

Vendor Link
RARLAB WinRAR

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Base Score: 6.8
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)

Credit

Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2025-31334
JVN iPedia: JVNDB-2025-000025