关键漏洞信息 CVE ID: CVE-2025-52331 CVSS Score: 4.4 Affected Vendor: Rarlab Affected Product: WinRAR Affected Version: 7.11 Vulnerability Type: Cross Site Scripting (XSS) Affected Component: "generate report" functionality Attack Vectors: User must use the "generate report" functionality and open the report Attack Type: Local Impact: Information Disclosure Vulnerability Details: Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11 allows attackers to disclose user information. Reference: - https://www.rarlab.com/rarnew.htm - https://gist.github.com/MarcinB44/2150484497c4b34aedef682c9091b14fa Additional Information: Fixed in WinRAR 7.12 beta 1 Discoverer: Marcin Bobryk