CVE-2025-0411

Warning

EPSS 32.14%
Published 25.01.2025 05:15:09
Last modified 12.02.2025 18:14:13
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Affected products Warnungen 1 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

7-zip ≫ 7-zip Version < 24.09

06.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

7-Zip Mark of the Web Bypass Vulnerability

Vulnerability

7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	32.14%	0.967

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://www.zerodayinitiative.com/advisories/ZDI-25-045/

Third Party Advisory

VDB Entry

http://www.openwall.com/lists/oss-security/2025/01/24/6

Mailing List

https://security.netapp.com/advisory/ntap-20250207-0005/

Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-0411-7-zip-mitigation-vulnerability

Mitigation

https://www.vicarius.io/vsociety/posts/cve-2025-0411-detection-7-zip-vulnerability

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2025-0411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0411

EUVD