Attention WinRAR users! A recently patched security vulnerability in WinRAR could potentially bypass the mark-of-the-web (MotW) security check when downloading files, allowing malicious code execution on targeted devices.
WinRAR Vulnerability Enables MotW Bypass
A critical security flaw in WinRAR exposed users to the risk of unchecked malicious code execution on their devices.
Known as CVE-2025-31334, this vulnerability enabled bypassing of the Mark-of-the-Web (MotW) security check, even with executable files. This allowed attackers to run arbitrary code on targeted devices by sending specially crafted archives.
Describing the flaw, the vulnerability states,
An issue bypassing the “Mark of the Web” security warning for files occurs when opening a symbolic link pointing to an executable file in WinRAR versions prior to 7.11. Opening a maliciously crafted symbolic link could result in the execution of arbitrary code.
This vulnerability was rated as medium severity with a CVSS score of 6.8. Despite appearing less severe, it poses a significant threat to users who frequently handle compressed/archived files.
An attacker could use malware to infect a device for malicious purposes such as stealing credentials, data exfiltration, system file interference, or planting a backdoor for covert monitoring.
However, the Mark-of-the-Web (MotW) security check by Microsoft Windows marks potentially unsafe files downloaded from the internet, prompting users to verify file safety before proceeding. Hence, any vulnerabilities allowing MotW bypass in tools require immediate attention to mitigate potential threats.
Patch Released – Update Your WinRAR
WinRAR has addressed this MotW bypass vulnerability in the latest software update. The flaw was discovered by security researcher Shimamine Taihei of Mitsui Bussan Secure Directions, Inc., who reported it to WinRAR. The service promptly patched the vulnerability in WinRAR 7.11, along with other bug fixes.
Users should update their WinRAR installations to the latest version to safeguard their devices. Additionally, caution should be exercised when handling executable files, ensuring they originate from trusted sources only. Implementing robust anti-malware solutions is also crucial to thwart potential threats.
We welcome your thoughts in the comments section.
