Cyber Posture

CVE-2025-0411

High · CISA KEV · Active Exploitation

Published: 25 January 2025
Modified: 27 October 2025
KEV Added: 06 February 2025
Patch
CVSS Score: 7.0 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.5241 (97.9th percentile)
Risk Priority: 65 (60% EPSS · 20% KEV · 20% CVSS)

Description

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Security Summary

CVE-2025-0411 is a Mark-of-the-Web bypass vulnerability affecting installations of 7-Zip. The specific flaw exists within the handling of archived files, where 7-Zip fails to propagate the Mark-of-the-Web protection to extracted files when processing a crafted archive that bears the Mark-of-the-Web. This issue, originally tracked as ZDI-CAN-25456, was published on 2025-01-25 and carries a CVSS v3.1 base score of 7.0 (AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), mapped to CWE-693.

Remote attackers can exploit this vulnerability, but user interaction is required, such as the target visiting a malicious page or opening a malicious file. Successful exploitation allows the attacker to bypass Mark-of-the-Web protections and execute arbitrary code in the context of the current user.

Advisories provide further details on the issue, including the Zero Day Initiative's ZDI-25-045 publication, a discussion on the oss-security mailing list, NetApp's advisory ntap-20250207-0005, and Vicarius resources on mitigation and detection for the 7-Zip vulnerability.
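
A defender-side check for the behaviour described above, written as an added example; it is not taken from this page or from any of the advisories it lists. The function and parameter names are hypothetical, and the code assumes NTFS, where Windows stores the Mark-of-the-Web in a file's Zone.Identifier alternate data stream (ZoneId 3 = Internet, 4 = Restricted).

```powershell
# Added example: report extracted files that lost the Mark-of-the-Web (MotW)
# carried by the archive they came from. All names here are hypothetical.

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # MotW lives in the NTFS alternate data stream "Zone.Identifier".
    $lines = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream, or no ZoneId entry in it
}

function Test-MotwPropagation {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,    # the downloaded archive
        [Parameter(Mandatory)][string]$ExtractedPath   # directory it was unpacked into
    )
    $archiveZone = Get-ZoneId -Path $ArchivePath
    # Archive not marked Internet (3) or Restricted (4): nothing to propagate.
    if ($null -eq $archiveZone -or $archiveZone -lt 3) { return }

    Get-ChildItem -LiteralPath $ExtractedPath -Recurse -File -Force | ForEach-Object {
        $zone = Get-ZoneId -Path $_.FullName
        [pscustomobject]@{
            File        = $_.FullName
            ArchiveZone = $archiveZone
            FileZone    = $zone
            # Lost if the file has no mark or a less restrictive zone than the archive.
            MotwLost    = ($null -eq $zone -or $zone -lt $archiveZone)
        }
    } | Where-Object MotwLost
}

function Test-SevenZipAffected {
    # Assumption: the executable's version resource carries the release number
    # (for example 24.09 -> major 24, minor 9). This page lists <= 24.09 as affected.
    param([Parameter(Mandatory)][string]$ExePath)      # path to 7z.exe or 7zFM.exe
    $info = (Get-Item -LiteralPath $ExePath).VersionInfo
    $version = [version]::new($info.FileMajorPart, $info.FileMinorPart)
    return $version -le [version]'24.9'
}
```

Each row returned by Test-MotwPropagation is a file that was extracted without the archive's zone mark, whatever the cause; an empty result means every extracted file kept it.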

Details

CWE(s): CWE-693, NVD-CWE-noinfo
KEV Date Added: 06 February 2025

Affected Products

Vendor: netapp; Product: active iq unified manager; Versions: all versions
Vendor: 7-zip; Product: 7-zip; Versions: ≤ 24.09
