National Cybersecurity Incident Response Center: WinRAR security vulnerability can bypass Windows security warnings and execute malware
ChainCatcher news: according to a Jinshi report, the Japanese security team CSIRT recently disclosed a security vulnerability in WinRAR that can bypass Microsoft's Windows Mark of the Web (MoTW) security mechanism, potentially allowing users to unknowingly execute malicious programs from the internet and posing serious security risks. The vulnerability is tracked as CVE-2025-31334.
To actively respond to the cybersecurity challenges that this WinRAR vulnerability poses to our critical infrastructure, the following technical measures are recommended. First, conduct a comprehensive inspection of network devices in WinRAR user environments that are affected by this vulnerability and promptly install the latest version. Second, reset WinRAR client configurations. Third, WinRAR users are advised to avoid connecting to untrusted networks when handling sensitive data.




