CVE-2025-46652

EPSS 0.19%
Veröffentlicht 26.04.2025 00:00:00
Zuletzt bearbeitet 24.10.2025 20:16:19
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerIZArc

≫

Produkt IZArc

Default Statusunknown

Version <= 4.5

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.412

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-830 Inclusion of Web Functionality from an Untrusted Source

The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.

https://github.com/EnisAksu/Argonis/blob/main/CVEs/IZArc/IZArc%20Mark-of-the-Web%20Bypass%20Vulnerability.md

https://github.com/EnisAksu/Argonis/security/advisories/GHSA-637g-8v47-79mv

https://www.izarc.org/news

https://nvd.nist.gov/vuln/detail/CVE-2025-46652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-46652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-46652

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-46652