JVNDB-2025-000025

WinRAR vulnerable to the symbolic link based "Mark of the Web" check bypass

Overview

WinRAR provided by RARLAB contains a vulnerability that allows the "Mark of the Web" security warning function for files to be bypassed (CWE-356) when opening a symbolic link that points to an executable file.
In the default Windows configuration, only administrators have the privilege to create symbolic links.

Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

RARLAB
  • WinRAR versions prior to 7.11

Impact

If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.

Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

Vendor Information

RARLAB

CWE

  1. Product UI does not Warn User of Unsafe Actions (CWE-356) [Other]

CVE

  1. CVE-2025-31334

References

  1. JVN : JVN#59547048

Revision History

  • [2025/04/03]
      Web page was published