Rarlab Winrar
7 CVEs affecting Rarlab Winrar. Latest disclosed: 2025-07-25. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6218 | High | 7.8 | 2025-06-21 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected install… |
CVE-2023-40477 | High | 7.8 | 2024-05-03 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arb… |
CVE-2015-5663 | High | 7.4 | 2015-12-30 | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extension… |
CVE-2025-31334 | Medium | 6.8 | 2025-04-03 | Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR v… |
CVE-2024-30370 | Medium | 4.3 | 2024-04-02 | RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected i… |
CVE-2022-43650 | Low | 2.5 | 2023-03-29 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required… |
CVE-2014-125119 | | 2025-07-25 | A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Dir… |