A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. Tracked as CVE-2025-31334, this flaw impacts all WinRAR versions before 7.11 and has been assigned a CVSS score of 6.8, reflecting its potential for high-impact attacks.

The vulnerability targets Windows’ Mark of the Web (MotW) security feature, which flags files downloaded from untrusted sources (e.g., the Internet) and restricts their execution. Attackers can exploit a weakness in WinRAR’s handling of symbolic links (shortcuts that point to other files or folders) to bypass these security warnings. When a user extracts a malicious archive containing a specially crafted symbolic link, WinRAR fails to apply the MotW flag to the linked executable. This allows threat actors to execute malicious code without triggering Windows’ standard security alerts.

Taihei Shimamine of Mitsui Bussan Secure Directions discovered the flaw, which was coordinated through JPCERT/CC and the Information Security Early Warning Partnership.

This vulnerability underscores the risks of MotW bypass flaws, which have also affected other tools like 7-Zip (CVE-2025-0411). The patch rollout highlights the ongoing challenges archiving tools face in balancing functionality and security, especially as attackers increasingly target widely used software like WinRAR, which boasts over 500 million users globally. Immediate patching and adherence to cybersecurity best practices remain the most effective defenses against evolving attack vectors targeting archival software.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
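A defender-side check for the behaviour described above, as an added example that is not code from the article or from WinRAR: it reports whether the installed WinRAR is at least 7.11 and lists links and runnable files in an extraction folder that carry no `Zone.Identifier` stream. The function names, the extension list, the default install path and the sample folder path are assumptions, and the audit presumes the archive itself was downloaded and marked with MotW.

```powershell
# Added example: defender-side audit (Windows PowerShell 5.1 or later, NTFS volume).
# MotW is stored in the Zone.Identifier alternate data stream; ZoneId=3 means Internet.

function Test-WinRarPatched {
    # Default install path is an assumption; pass the real path if it differs.
    param([string]$ExePath = "$env:ProgramFiles\WinRAR\WinRAR.exe")
    if (-not (Test-Path -LiteralPath $ExePath)) { return $null }   # WinRAR not found here
    $vi = (Get-Item -LiteralPath $ExePath).VersionInfo
    # Assumes the file version of WinRAR.exe mirrors the release number.
    $installed = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart
    return ($installed -ge [version]'7.11')   # versions before 7.11 are affected
}

function Get-MotwAudit {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Hypothetical list of runnable extensions; adjust to local policy.
        [string[]]$Extensions = @('.exe', '.dll', '.scr', '.com', '.bat', '.cmd',
                                  '.msi', '.ps1', '.vbs', '.js', '.hta')
    )
    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $isLink = [bool]($_.Attributes -band [IO.FileAttributes]::ReparsePoint)
        $zoneId = $null
        if (-not $_.PSIsContainer) {
            # Reading through a link opens the target's stream: the file that would run.
            $ads = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                               -ErrorAction SilentlyContinue
            if ("$ads" -match 'ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        }
        $runnable = $Extensions -contains $_.Extension.ToLowerInvariant()
        $reasons = @()
        if ($isLink) { $reasons += 'link or reparse point: review its target' }
        if ($runnable -and $null -eq $zoneId) { $reasons += 'runnable file without Zone.Identifier' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path   = $_.FullName
                IsLink = $isLink
                Target = ($_.Target -join '; ')
                ZoneId = $zoneId
                Reason = ($reasons -join '; ')
            }
        }
    }
}

# Example invocation (placeholder path, constructed for illustration):
# Test-WinRarPatched
# Get-MotwAudit -Path 'C:\Path\To\ExtractedFolder' | Format-Table -AutoSize
```

`Test-WinRarPatched` returns `$null` when no WinRAR executable is found at the given path, so an unmanaged or portable copy elsewhere on disk still needs its own check.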
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 07:55:18 +0000