WinRAR Vulnerability Allows Bypass of Security Warnings and Malicious Code Execution
9 April 2025
Source: https://infosecu.technews.tw/2025/04/07/winrar-security-vulnerability-2/
Recently, the Japanese Computer Emergency Response Team Coordination Center (CSIRT) disclosed a critical security vulnerability in WinRAR, identified as CVE-2025-31334. This flaw allows attackers to bypass Microsoft's built-in Mark of the Web (MoTW) safety mechanism on Windows platforms, so that users may unknowingly execute malicious programs downloaded from the internet, posing significant risks.
WinRAR has been a widely used compression tool for decades. However, all previous versions contained this vulnerability, which attackers could exploit to bypass Windows security warnings and run malware without alerting users. MoTW alerts typically appear when a user attempts to execute an unknown program downloaded from the internet, as a warning about potential risks.
According to recent updates, WinRAR has addressed this vulnerability in version 7.11. The update notes indicate that launching an executable file via symbolic links through the WinRAR Shell will no longer ignore MoTW data. Users can mitigate this threat by updating their software to the latest version.
Shimamine Taihei of Mitsui Bussan Secure Directions Inc. discovered and reported this issue, prompting swift action from the WinRAR team. While triggering a potential attack requires manual interaction with links, bypassing Windows’ warning system significantly increases security risks.
The MoTW serves as an additional safety net by issuing warnings before users execute suspicious code—a crucial step in preventing automatic malware propagation. Therefore, experts strongly recommend that all WinRAR users update to the latest version immediately to avoid potential future issues.
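To make the mechanism concrete, the following added example (not from the original article or from WinRAR) reads the mark the way a defender could when auditing an extraction folder. On NTFS the mark is stored in a `Zone.Identifier` alternate data stream; the function names, the extension list and the sample stream are assumptions made for illustration.

```python
import configparser
import os

# Assumption: extensions treated as directly launchable for this audit.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}

# Constructed sample of a Zone.Identifier stream (ZoneId 3 = Internet zone).
SAMPLE_STREAM = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/archive.rar\n"


def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier stream content, or None."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None  # malformed or incomplete stream counts as unmarked


def read_motw(path):
    """Read the mark from a file's Zone.Identifier stream (NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None  # no stream present: the file carries no mark


def triggers_warning(zone_id):
    """ZoneId 3 (Internet) and 4 (Restricted) are the untrusted zones."""
    return zone_id is not None and zone_id >= 3


def unmarked_executables(folder):
    """List launchable files under folder that carry no untrusted-zone mark."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXT and not triggers_warning(read_motw(full)):
                hits.append(full)
    return hits
```

Run `unmarked_executables` on a Windows host against a folder extracted from a downloaded archive; on non-NTFS volumes every file reports as unmarked because the stream cannot exist there.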