Experts have discovered a vulnerability in the WinRAR archiver that allows attackers to bypass the Mark of the Web (MotW), a Windows protection mechanism, and deploy malware on victims’ computers.

Image Source: Kevin Ku / unsplash.com

The vulnerability was discovered by Japanese researcher Shimamine Taihei from Mitsui Bussan Secure Directions — it was assigned the number CVE-2025-31334 and the threat level was 6.8 out of 10 — medium. MotW is a security tool that displays a warning when downloading an executable file from the Internet. The built-in Windows mechanism notifies users that files downloaded from the Internet may be dangerous, but there was a way to bypass this warning if the file was in an archive format.

«If a symbolic link pointing to an executable file was opened from the WinRAR shell, the Mark of the Web executable file data was ignored,” the archiver’s website explains. A symbolic link (or Symlink) is a shortcut or alias to a file or folder. A symbolic link is not a copy of a file, but only a pointer to it. A hacker could create a symbolic link pointing to an executable file with MotW, and when it was opened, the MotW warning was not displayed. The vulnerability was discovered in all older versions of WinRAR and was fixed in version 7.11, which is now available for download.

AddThis Website Tools
admin

Share
Published by
admin

Recent Posts

Tesla continues to suffer in Europe, with sales down more than 50% in April

Tesla has been recording a decline in sales in Europe, the world's second-largest electric vehicle…

4 hours ago

Tesla continues to suffer in Europe, with sales down more than 50% in April

Tesla has been recording a decline in sales in Europe, the world's second-largest electric vehicle…

4 hours ago

Tesla continues to suffer in Europe, with sales down more than 50% in April

Tesla has been recording a decline in sales in Europe, the world's second-largest electric vehicle…

4 hours ago

Nintendo Sues Genki For Boldly Showing Off Switch 2 Accessories Before Console Announcement

Nintendo has filed a lawsuit against Human Things, the owner of the Genki brand. The…

6 hours ago

Blackout in Spain and Portugal Causes Starlink Popularity to Surge

The massive power outages that hit Spain and Portugal in late April exposed critical vulnerabilities…

7 hours ago