Heads up, WinRAR users! A recently patched security flaw in WinRAR could allow mark-of-the-web (MotW) bypass when downloading files. An adversary could exploit the vulnerability to execute malicious codes on a target device.
WinRAR Flaw Allowed Mark-of-the-Web (MotW) Bypass
A serious security vulnerability risked WinRAR users as it allowed malicious codes to reach a target device unchecked.
Identified as CVE-2025-31334, this vulnerability would allow a Mark-of-the-Web (MotW) security check bypass even with executable files. Consequently, an adversary could exploit this vulnerability to run arbitrary codes on target devices by sending maliciously crafted archives.
Elaborating on this flaw, the vulnerability description reads,
Issue that bypasses the “Mark of the Web” security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
This vulnerability received a medium severity rating with a CVSS score of 6.8. While it seems less dangerous, given the severity scores, it poses a serious threat to users who frequently interact with compressed/archived files.
An adversary may use the malware to infect a device for various malicious purposes, such as stealing account credentials, exfiltrating data, interfering with system files, or even planting a backdoor to sneakily monitor the device’s activities.
However, with Mark-of-the-Web (MotW) security check from Microsoft Windows, files downloaded from the internet are marked potentially unsafe. This warning enables users to double check the files for safety before proceeding. That’s the reason any vulnerabilities in tools that allow MotW bypass need immediate attention to avoid potential threats to the users.
Patch Deployed – Update Your Devices
WinRAR has patched this MotW bypass vulnerability with the latest software release. According to the release notes, the flaw first caught the attention of the security researcher Shimamine Taihei of Mitsui Bussan Secure Directions, Inc., who then reported it to WinRAR. Consequently, the service patched the vulnerability with WinRAR 7.11, alongside other bug fixes.
Since the update has already been released, users must ensure updating their devices with the latest WinRAR versions to remain safe. Besides, users must remain vigilant when interacting with executable files, ensuring that they allow such files from trusted sources only. Moreover, equipping devices with robust anti-malware solutions is also inevitable to prevent potential threats.
Let us know your thoughts in the comments.
