A vulnerability in WinRAR allows attackers to bypass the Mark-of-the-Web feature in Windows. A patch fixes the flaw.
RARLab, the organization behind WinRAR, is rolling out a patch for a security vulnerability in the file transfer software. Version 7.11 closes a flaw that could bypass the Mark-of-the-Web feature in Windows. This increases the risk of importing malicious files with Windows.
Mark-of-the-Web
The WinRAR vulnerability, designated as CVE-2025-31334, was discovered a few days ago by the Japanese CERT center and reported to RARLab. Mark-of-the-Web is a feature in Windows that adds an extra marking to files downloaded from the internet. The marking doesn’t necessarily mean a file is malicious, but serves to notify you that it originates from the internet.
Because the bug prevents Mark-of-the-Web from activating, attackers can exploit WinRAR to send files that are actually malicious undetected. Although it’s not clear if the vulnerability is being actively exploited, RARLab doesn’t want to take that risk. In the past, WinRAR vulnerabilities have proven to be a popular target for hackers.
read also
WinRAR Vulnerability Bypasses Windows Warnings
Within just a few days of the vulnerability being reported, RARLab rolled out a security patch. Version 7.11 fixes the flaw, and you’re only safe once you’ve installed the patch. Among others, the German government urges to install the patch as soon as possible, and we would only recommend the same.