Browse all 7 CVE security advisories affecting RARLAB. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RARLAB develops WinRAR, a widely used file compression and archiving tool. Historically, the software has been susceptible to multiple remote code execution vulnerabilities, often through buffer overflow flaws in unpacking routines, as well as cross-site scripting issues in its interface. The company maintains a moderate security posture with seven CVEs recorded, primarily involving privilege escalation and arbitrary code execution risks. While no major public security incidents have been documented, WinRAR's widespread deployment makes it a persistent target for exploitation. Regular updates address discovered vulnerabilities, though the software's complex parsing logic continues to present potential attack surfaces for malicious actors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14111 | Rarlab RAR App com.rarlab.rar path traversal — RAR AppCWE-22 | 5.0 | Medium | 2025-12-05 |
| CVE-2014-125119 | WinRAR < 5.00 Filename Spoofing RCE — WinRARCWE-20 | 7.8 | - | 2025-07-25 |
| CVE-2025-6218 | RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability — WinRARCWE-22 | 8.8AI | HighAI | 2025-06-21 |
| CVE-2025-31334 | WinRAR 安全漏洞 — WinRARCWE-356 | 7.8AI | HighAI | 2025-04-03 |
| CVE-2023-40477 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability — WinRARCWE-129 | 7.8 | - | 2024-05-03 |
| CVE-2024-30370 | RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability — WinRARCWE-693 | 8.8AI | HighAI | 2024-04-02 |
| CVE-2022-43650 | WinRAR 缓冲区错误漏洞 — WinRARCWE-125 | 5.5 | - | 2023-03-29 |
This page lists every published CVE security advisory associated with RARLAB. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.