- Security researchers discover new defects in Winrar
- The fault allowed threat actors to avoid the web brand and implement malware on Windows devices without prior notice
- Winrar launched a new version to solve the error, so up now
Experts have discovered a defect in Winrar that could allow threat actors to avoid the brand of the web (Motw) and implement malware on people’s computers.
The vulnerability was discovered by Japanese researcher Shimamine Taihei of the safe instructions of Mitsui Bussan, and now a monitoring is carried out as CVE-2025-31334, and a severity score of 6.8/10 (medium) was given.
Motw is a security mechanism that shows a warning when an executable internet file is downloaded. It is integrated into Windows and serves as an additional security layer, warning people that the archives downloaded from the Internet could be dangerous; However, there is a way of working around the warning when a file is shared in a archived format.
Symbolic link
“If Symlink pointing to an executable began from Winrar Shell, the executable brand of web data was ignored,” said Winrar the vulnerability.
A symbolic link (abbreviation for a symbolic link) is a shortcut or aka in a file or folder. Instead of copying a file, a symbolic link only points it out. Therefore, a hacker could create a symbolic link that points to an executable with Motw, and if a victim executes it, the Motw would not be shown.
Vulnerability was found in all previous versions of Winrar, and was addressed in version 7.11, which is now available to download.
Since Mark of the Web was introduced, cybercriminals have been looking for different ways to avoid it and deliver malware without prior notice.
At the end of January 2025, 7-Zip patched an important defect that allowed exactly that. It tracks as CVE-2025-0411 and received a high gravity score, 7/10. Previously, in 2022, researchers found a .zip file protected with a password with a .iso file that could avoid Motw.
To mitigate the risk, users must always keep their updated files and be attentive to download Internet files.
Through Bleepingcomputer
