CVE-2025-52331

MEDIUM

WinRAR 7.11 - Cross-Site Scripting in Generate Report Functionality

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation in the HTML report, which allows potentially malicious HTML tags to be injected into the report. User interaction is required. User must use the "generate report" functionality and open the report.

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.0027
EPSS Percentile 18.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
rarlab/winrar 7.11
Published Nov 12, 2025
Tracked Since Feb 18, 2026