Detections
Analytics

WinRAR < 7.11 Mark of the Web Bypass (CVE-2025-31334)

medium Nessus Plugin ID 234002

Language:

Synopsis

The remote Windows host has an application installed which is affected by a mark of the web bypass vulnerability.

Description

The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.11. It is, therefore, affected by a vulnerability:

 - Issue that bypasses the 'Mark of the Web' security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. (CVE-2025-31334)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to WinRAR version 7.11 or later.

See Also

https://jvn.jp/en/jp/JVN59547048/

https://www.rarlab.com/rarnew.htm

Plugin Details

Severity: Medium

ID: 234002

File Name: winrar_7_11.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows

Published: 4/8/2025

Updated: 4/8/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-31334

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:rarlab:winrar

Required KB Items: SMB/Registry/Enumerated, installed_sw/RARLAB WinRAR

Patch Publication Date: 4/3/2025

Vulnerability Publication Date: 4/3/2025

Reference Information

CVE: CVE-2025-31334