CVE-2025-0411

HIGH
Published 2025-01-25T04:28:24.270Z

CVSS Score

V3.0: 7.0/10
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14: 0.368 probability of exploitation in the wild

There is a 36.8% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability Percentile: 0.969
Higher than 96.9% of all CVEs

Description

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Available Exploits

No exploits available for this CVE.

Related News

Reminder: 7-Zip & MoW, (Mon, Feb 10th)

CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn't propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not …

Sans.edu 2025-02-10 07:27

Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver too…

0.135 2025-02-09 09:00

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability CVE-2022-23748 Dante Discovery Process Control Vulnerabili…

Cisa.gov 2025-02-06 12:00

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vul…

Help Net Security 2025-02-04 13:02

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute …

Internet 2025-02-04 12:28

Affected Products

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

Remediation Status: Overdue
Due Date: February 27, 2025
Added to KEV: February 6, 2025
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: 7-Zip
Product: 7-Zip

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.02.06
Released: February 6, 2025

GitHub Security Advisories

⚠ Unreviewed HIGH

GHSA-2pjx-wvcg-vhr8

CVSS Scoring

CVSS Score: 7.5
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: January 25, 2025, Modified: February 7, 2025

References

Published: 2025-01-25T04:28:24.270Z
Last Modified: 2025-07-28T19:42:23.995Z