CVE-2025-0411 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

7-Zip Mark of the Web Bypass Vulnerability

Exploit added

February 6, 2025

Action due

February 27, 2025

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-693	Protection Mechanism Failure

Known Affected Software Configurations

cpe:2.3:a:7-zip:7-zip:23.01:::::::*
cpe:2.3:a:7-zip:7-zip:24.05:::::::*
cpe:2.3:a:7-zip:7-zip:24.06:::::::*
cpe:2.3:a:7-zip:7-zip:24.08:::::::*
cpe:2.3:a:7-zip:7-zip:22.01:::::::*
cpe:2.3:a:7-zip:7-zip:21.03:::::::*
cpe:2.3:a:7-zip:7-zip:21.07:::::::*
cpe:2.3:a:7-zip:7-zip:21.06:::::::*
cpe:2.3:a:7-zip:7-zip:21.04:::::::*
cpe:2.3:a:7-zip:7-zip:21.02:::::::*
cpe:2.3:a:7-zip:7-zip:-:::::::*
cpe:2.3:a:7-zip:7-zip:21.00:alpha::::::
cpe:2.3:a:7-zip:7-zip:20.00:alpha::::::
cpe:2.3:a:7-zip:7-zip:19.02:alpha::::::
cpe:2.3:a:7-zip:7-zip:20.02:alpha::::::
cpe:2.3:a:7-zip:7-zip:19.00:::::::*
cpe:2.3:a:7-zip:7-zip:18.06:::::::*
cpe:2.3:a:7-zip:7-zip:18.05:::::::*
cpe:2.3:a:7-zip:7-zip:18.03:::::::*
cpe:2.3:a:7-zip:7-zip:18.01:::::::*
cpe:2.3:a:7-zip:7-zip:18.00:::::::*
cpe:2.3:a:7-zip:7-zip:17.01:::::::*
cpe:2.3:a:7-zip:7-zip:17.00:::::::*
cpe:2.3:a:7-zip:7-zip:16.04:::::::*
cpe:2.3:a:7-zip:7-zip:16.03:::::::*
cpe:2.3:a:7-zip:7-zip:16.02:::::::*
cpe:2.3:a:7-zip:7-zip:16.01:::::::*
cpe:2.3:a:7-zip:7-zip:16.00:::::::*
cpe:2.3:a:7-zip:7-zip:15.13:::::::*
cpe:2.3:a:7-zip:7-zip:15.12:::::::*
cpe:2.3:a:7-zip:7-zip:15.11:::::::*
cpe:2.3:a:7-zip:7-zip:15.10:::::::*
cpe:2.3:a:7-zip:7-zip:15.09:::::::*
cpe:2.3:a:7-zip:7-zip:15.08:::::::*
cpe:2.3:a:7-zip:7-zip:15.07:::::::*
cpe:2.3:a:7-zip:7-zip:15.06:::::::*
cpe:2.3:a:7-zip:7-zip:15.05:::::::*
cpe:2.3:a:7-zip:7-zip:9.38:::::::*
cpe:2.3:a:7-zip:7-zip:9.36:::::::*
cpe:2.3:a:7-zip:7-zip:9.35:::::::*
cpe:2.3:a:7-zip:7-zip:9.34:::::::*
cpe:2.3:a:7-zip:7-zip:9.22:::::::*
cpe:2.3:a:7-zip:7-zip:9.21:::::::*
cpe:2.3:a:7-zip:7-zip:9.19:::::::*
cpe:2.3:a:7-zip:7-zip:9.18:::::::*
cpe:2.3:a:7-zip:7-zip:9.17:::::::*
cpe:2.3:a:7-zip:7-zip:9.16:::::::*
cpe:2.3:a:7-zip:7-zip:9.15:::::::*
cpe:2.3:a:7-zip:7-zip:9.14:::::::*
cpe:2.3:a:7-zip:7-zip:9.13:::::::*
cpe:2.3:a:7-zip:7-zip:9.12:::::::*
cpe:2.3:a:7-zip:7-zip:9.11:::::::*
cpe:2.3:a:7-zip:7-zip:9.09:beta::::::
cpe:2.3:a:7-zip:7-zip:15.05:beta::::::
cpe:2.3:a:7-zip:7-zip:18.01:::::windows::
cpe:2.3:a:7-zip:7-zip:18.00:::::windows::
cpe:2.3:a:7-zip:7-zip:17.01:::::windows::
cpe:2.3:a:7-zip:7-zip:17.00:::::windows::
cpe:2.3:a:7-zip:7-zip:16.04:::::windows::
cpe:2.3:a:7-zip:7-zip:16.03:::::windows::
cpe:2.3:a:7-zip:7-zip:16.02:::::windows::
cpe:2.3:a:7-zip:7-zip:16.01:::::windows::
cpe:2.3:a:7-zip:7-zip:16.00:::::windows::
cpe:2.3:a:7-zip:7-zip:15.14:::::windows::
cpe:2.3:a:7-zip:7-zip:15.13:::::windows::
cpe:2.3:a:7-zip:7-zip:15.12:::::windows::
cpe:2.3:a:7-zip:7-zip:15.11:::::windows::
cpe:2.3:a:7-zip:7-zip:15.10:::::windows::
cpe:2.3:a:7-zip:7-zip:15.09:::::windows::
cpe:2.3:a:7-zip:7-zip:15.08:::::windows::
cpe:2.3:a:7-zip:7-zip:15.07:::::windows::
cpe:2.3:a:7-zip:7-zip:15.06:::::windows::
cpe:2.3:a:7-zip:7-zip:15.05:::::windows::
cpe:2.3:a:7-zip:7-zip:9.38:::::windows::
cpe:2.3:a:7-zip:7-zip:9.36:::::windows::
cpe:2.3:a:7-zip:7-zip:9.35:::::windows::
cpe:2.3:a:7-zip:7-zip:9.34:::::windows::
cpe:2.3:a:7-zip:7-zip:9.22:::::windows::
cpe:2.3:a:7-zip:7-zip:9.21:::::windows::
cpe:2.3:a:7-zip:7-zip:9.20:::::windows::
cpe:2.3:a:7-zip:7-zip:9.19:::::windows::
cpe:2.3:a:7-zip:7-zip:9.18:::::windows::
cpe:2.3:a:7-zip:7-zip:9.17:::::windows::
cpe:2.3:a:7-zip:7-zip:9.16:::::windows::
cpe:2.3:a:7-zip:7-zip:9.15:::::windows::
cpe:2.3:a:7-zip:7-zip:9.14:::::windows::
cpe:2.3:a:7-zip:7-zip:9.13:::::windows::
cpe:2.3:a:7-zip:7-zip:9.12:::::windows::
cpe:2.3:a:7-zip:7-zip:9.11:::::windows::
cpe:2.3:a:7-zip:7-zip:9.10:beta::::windows::*
cpe:2.3:a:7-zip:7-zip:9.09:beta::::windows::*
cpe:2.3:a:7-zip:7-zip:9.07:beta::::windows::*
cpe:2.3:a:7-zip:7-zip:9.06:beta::::windows::*
cpe:2.3:a:7-zip:7-zip:9.04:beta::::windows::*
cpe:2.3:a:7-zip:7-zip:4.65:::::windows::
cpe:2.3:a:7-zip:7-zip:4.64:::::windows::
cpe:2.3:a:7-zip:7-zip:4.63:::::windows::
cpe:2.3:a:7-zip:7-zip:4.62:::::windows::
cpe:2.3:a:7-zip:7-zip:4.61:beta::::windows::*
cpe:2.3:a:7-zip:7-zip:4.60:beta::::windows::*

Details

Source:
NVD

Published:
January 25, 2025

Updated:
February 12, 2025

Risk information

CVSS v3

Base score:
7

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

Not defined