- Security researchers discover a new flaw in WinRAR
- The flaw allowed threat actors to bypass the Mark of the Web and deploy malware on Windows devices without warning
- WinRAR has published a new version that fixes the bug, so update now
Experts have discovered a WinRAR flaw that could allow threat actors to bypass the Mark of the Web (MotW) and deploy malware on people's computers.
The vulnerability was discovered by the Japanese researcher Shimamine Taihei of Mitsui Bussan Secure Directions. It is now tracked as CVE-2025-31334 and has received a severity score of 6.8/10 (Medium).
MotW is a security mechanism that displays a warning when an executable file is downloaded from the Internet. It is built into Windows and serves as an additional layer of protection, warning people that files downloaded from the Internet could be dangerous. However, there is a way to get around the warning when a file is shared in an archive.
“If symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored,” WinRAR said.
A symbolic link (symlink for short) is a shortcut or alias to a file or a folder. Instead of copying a file, a symbolic link points to it. Therefore, an attacker could create a symbolic link pointing to an executable that carries MotW, and if a victim ran it, the MotW warning would not appear.
The vulnerability was found in all older versions of WinRAR and has been fixed in version 7.11, which is now available for download.
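As a defender-side illustration of the symlink issue described above, the following added example (not from the original article or from WinRAR) walks an extraction folder, lists symbolic links that resolve to executables, and reports whether each target carries MotW. It relies on the fact that Windows stores MotW in the file's NTFS `Zone.Identifier` alternate data stream; the function names and the extension list are assumptions made for this sketch.

```python
import os

# Assumed set of extensions treated as "executable" for this audit.
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi"}

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent."""
    for line in stream_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip().lower() == "zoneid" and value.strip().isdigit():
            return int(value.strip())
    return None

def read_motw(path):
    """Read the MotW zone of a file from its NTFS alternate data stream."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_id(f.read())
    except OSError:
        return None  # no stream: the file is unmarked (or not on NTFS)

def audit_symlinks(root, read_zone=read_motw):
    """List (link, target, zone) for symlinks under root that resolve to executables."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # os.walk does not follow symlinks by default, so links show up as entries.
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if os.path.splitext(target)[1].lower() in EXEC_EXTS:
                findings.append((link, target, read_zone(target)))
    return findings

if __name__ == "__main__":
    import sys
    for link, target, zone in audit_symlinks(sys.argv[1] if len(sys.argv) > 1 else "."):
        mark = "MotW zone %d" % zone if zone is not None else "no MotW"
        print("%s -> %s (%s)" % (link, target, mark))
```

A ZoneId of 3 denotes the Internet zone; any symlink to an executable inside a freshly extracted archive is worth reviewing regardless of the zone reported.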
Ever since Mark of the Web was introduced, cybercriminals have been looking for ways to get around it and deliver malware without warning.
At the end of January 2025, 7-Zip fixed a major flaw that allowed this. It is tracked as CVE-2025-0411 and received a high severity score, 7/10. Even earlier, in 2022, researchers found that a password-protected .zip file with an .iso file inside could bypass MotW.
To mitigate the risk, users should always keep their archiving software up to date and be vigilant when downloading files from the Internet.
Via BleepingComputer




