CVE-2025-0411 - 7-Zip Mark of the Web Bypass Vulnerability

: 7-Zip | 7-Zip

Date Added:
2025-02-06

Due Date:
2025-02-27

Vulnerability Name: 7-Zip Mark of the Web Bypass Vulnerability

Description: 7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://www.7-zip.org/history.txt ; https://nvd.nist.gov/vuln/detail/CVE-2025-0411

Related News Articles: XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web ShellsFebruary 10, 2025

Free online web security scanner

Don't show website scan report rating on the leaderboard