CVE-2025-0411: 7-Zip Mark-of-the-Web Bypass Vulnerability

7.0 CVSS

Description

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Known Exploited

🚨 Marked as known exploited on February 4th, 2025 (2 months ago).

Classification

CVE ID: CVE-2025-0411

CVSS Base Severity: HIGH

CVSS Base Score: 7.0

CVSS Vector:

Affected Products

Vendor: 7-Zip

Product: 7-Zip

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.4% (probability of being exploited)

EPSS Percentile: 73.68% (scored less or equal to compared to others)

EPSS Date: 2025-02-23 (when was this score calculated)

References

https://www.zerodayinitiative.com/advisories/ZDI-25-045/

Timeline

2025-01-26 00:30:14 UTC
CVE

7-Zip Mark-of-the-Web Bypass Vulnerability
2025-02-04 13:31:22 UTC
TheHackerNews

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
2025-02-04 13:32:41 UTC
🚨 Marked as Known Exploited
2025-02-06 17:15:51 UTC
CISA KEV

7-Zip Mark of the Web Bypass Vulnerability