- Description
- 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
- Products
- active_iq_unified_manager, 7-zip
CVSS 3.1
- Type
- Primary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- 7-Zip Mark of the Web Bypass Vulnerability
- Exploit added on
- Feb 6, 2025
- Exploit action due
- Feb 27, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- zdi-disclosures@trendmicro.com
- CWE-693
- nvd@nist.gov
- NVD-CWE-noinfo
🚨 Windows’ Mark-of-the-Web protections are being bypassed: • FileFix “Save As” trick evades MotW • 7-Zip flaw (CVE-2025-0411) strips safety flags 👉 Stay ahead. Get 3 private pentest bids fast at https://t.co/4ZmseOiu9a - no noise, just insight. 🔗https://t.co/Yb
@PenTestBids
22 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The report I wrote about the CVE-2025-0411 7-Zip Mark-of-the-Web Bypass vulnerability. You can reach the reports through the links below: en: https://t.co/w4yst4m5tn tr: https://t.co/o8ZxNcepoI #MotW #7zip #CVE
@betullssahin
11 May 2025
53 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-0411: Malware infection due to 7-Zip Mark-of-the-Web bypass https://t.co/Yzvlbww9Ae Hello! Today’s 1day-1line features CVE-2025-0411, a zero-day vulnerability in 7-Zip that was exploited to target Ukrainian organizations. Attackers bypassed Windows
@hackyboiz
16 Apr 2025
2413 Impressions
16 Retweets
44 Likes
13 Bookmarks
0 Replies
0 Quotes
SmokeLoader malware exploits 7-Zip vulnerability CVE-2025-0411 to deploy infostealers via weaponized 7z archives. Update 7-Zip to version 24.09+ and enhance email security. #CyberSecurity #Malware #7Zip #SmokeLoader https://t.co/hdySm898kE https://t.co/En0FpmLBfC
@dailytechonx
3 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
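The WinRAR vulnerability I reported has been published on JVN. I don't know whether it will actually be exploited the way the 7-Zip MoTW bypass (CVE-2025-0411) was, but I think anyone using this product should update to the latest version. https://t.co/S1wGkWMaM5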
@1sland_m1ne
3 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
23 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
21 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
19 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
PoC Exploit Released for 7-Zip Mark-of-the-Web Bypass Vulnerability (CVE-2025-0411) - CybersecurityNews https://t.co/qTTy5lRGBQ #hacking #technology https://t.co/4ZpYyOyKa0
@cliffvazquez
19 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
18 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
17 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
14 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
4 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CyberSecurity #Vulnerability CVE-2025-0411: 7-Zip Vulnerability Exploited in Attacks on Ukraine https://t.co/0aAaaXp4Se
@Komodosec
3 Mar 2025
65 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
3 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
26 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
26 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
25 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
24 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Explore Cool CVEs 🔹 CVE-2024-45519 🔹 CVE-2024-46538 🔹 CVE-2024-49113 🔹 CVE-2024-9264 🔹 CVE-2025-0411 🔹 CVE-2020-7660 Check it out & level up your exploit game! https://t.co/ZNLzGRXrDy #CyberSecurity #ExploitDev #RedTeam
@defhawk_specter
23 Feb 2025
83 Impressions
1 Retweet
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
22 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
17 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
GitHub - dhmosfunk/7-Zip-CVE-2025-0411-POC: This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass. https://t.co/xEDxGdJBn2
@akaclandestine
14 Feb 2025
1843 Impressions
11 Retweets
33 Likes
19 Bookmarks
0 Replies
1 Quote
CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/cGUdvYTnrI https://t.co/1w277lZuC0
@shbertin
12 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/bcbyqgebks https://t.co/9qO6EIagTv
@shbertin
11 Feb 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/cyoow4nRwK https://t.co/jF2Wgm34Rm
@Giodomi1989
11 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/fMGQDqP3QD https://t.co/jSnm6xNLcw
@SeanWilliams68
10 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
10 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
7-Zip & Mark-of-Web (MoW) CVE-2025-0411 You have to enable MoW propagation in the GUI or through the registry https://t.co/ZwvezEVIok https://t.co/vb9PXSTSLe
@elhackernet
10 Feb 2025
3180 Impressions
3 Retweets
37 Likes
7 Bookmarks
2 Replies
0 Quotes
CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/Sfo94QAetT https://t.co/xT8JRzJHBm
@SirajD_Official
10 Feb 2025
16 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
9 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/PAlrcHUntZ https://t.co/uUTAfrdKcJ
@scandaletti
9 Feb 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
.@TrendMicro's @thezdi team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip was actively exploited to target Ukrainian organizations through spear-phishing and homoglyph attacks. Learn more: https://t.co/bbT8rhFi30
@christine_fady
9 Feb 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
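Researchers recently uncovered the scheme behind the earlier 7-Zip zero-day vulnerability: during the invasion of Ukraine, a Russian hacker group used a zero-day vulnerability in the 7-Zip compression tool to successfully bypass Windows' security protection mechanism for downloaded files. The vulnerability is tracked as CVE-2025-0411 and was fixed at the end of November with the release of 7-Zip version 24.09. https://t.co/XtQTHw6aUQ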
@ccbea_
9 Feb 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
9 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
.@TrendMicro's @thezdi team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip was actively exploited to target Ukrainian organizations through spear-phishing and homoglyph attacks. Learn more: https://t.co/e6vZhoyl2D
@alexandre_tovar
8 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Stay secure by updating 7-Zip to version 24.09, a critical step to protect against CVE-2025-0411. Our experts provide a detailed breakdown of this vulnerability and its implications for your security posture. Read more:⬇️ https://t.co/2mWAMIOnlD
@trendai_RSRCH
8 Feb 2025
370 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 Russian cybercriminals are exploiting new 7-Zip vulnerability (CVE-2025-0411) to target Ukrainian organizations. This flaw bypasses Windows' MotW protections, allowing remote code execution via malicious archives. https://t.co/tM7to9cEf9
@achi_tech
8 Feb 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
7 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CVE-2025-0411 7-Zip Mark of the Web #Bypass #Vulnerability https://t.co/txJYjVAGJy
@ScyScan
7 Feb 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five entries to its Known Exploited Vulnerabilities catalog. - CVE-2025-0411 in 7-Zip - CVE-2022-23748 in Dante Discovery - CVE-2024-21413 in Outlook - CVE-2020-29574 in CyberoamOS - CVE-2020-15069 in Sophos XG Firewall https://t.co/0sYTd2KRAC https://t.co/aOFyydVO9D
@__kokumoto
6 Feb 2025
1953 Impressions
4 Retweets
27 Likes
8 Bookmarks
1 Reply
2 Quotes
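With CVE-2025-0411, threat actors can disable MoTW by double-archiving content using 7-Zip's archive creation feature. In fact, Russian cybercrime groups have been carrying out attacks by embedding an executable file inside an archive and embedding that archive inside another archive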
@8pBWKnyWbz86364
6 Feb 2025
12 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
7-Zip MotW Bypass CVE-2025-0411 It's obviously a garbage, useless bug, so why is there so much news about it = =
@stevenyu113228
6 Feb 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
6 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛑🛡️ZIP FILES CAN INFECT YOUR COMPANY WITHOUT BEING DETECTED: NEW VULNERABILITY IN 7-ZIP A security flaw in 7-Zip (CVE-2025-0411) allowed cybercriminals to evade Windows protections and deploy malware without raising suspicion. Although the attack was targeted
@CycuraMX
5 Feb 2025
5687 Impressions
38 Retweets
94 Likes
36 Bookmarks
0 Replies
0 Quotes
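Russia-linked hackers exploited the 7-Zip zero-day vulnerability "CVE-2025-0411" to conduct cyber-espionage targeting Ukrainian government agencies. Using a technique that evades Mark-of-the-Web (MoTW) protection, they distributed the SmokeLoader malware. They used double archiving and homoglyph attacks to lure victims to fake .doc files. https://t.co/wCxKsPE1Fb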
@01ra66it
5 Feb 2025
801 Impressions
6 Retweets
14 Likes
2 Bookmarks
0 Replies
0 Quotes
Recently, a new zero-day vulnerability in the 7-Zip compression and archiving tool, identified as CVE-2025-0411, has been published; it allows hackers to bypass Windows' security and defense mechanisms and load malware named smokeloader. https://t.co/Poz3aKYxT1 https://t.co/0LkQ9IXO
@AmirHossein_sec
5 Feb 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Russian hackers exploit a 7-Zip vulnerability (CVE-2025-0411) to deploy SmokeLoader malware against Ukrainian industries, threatening sensitive data security. 🚨 #Ukraine #CyberThreats #SmokeLoader link: https://t.co/CDjFdkp3uA https://t.co/5jK1HVR2TE
@TweetThreatNews
5 Feb 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A 7-Zip vulnerability is being exploited in zero-day attacks (CVE-2025-0411) - 合同会社ロケットボーイズ https://t.co/4GeFfqi2f5 #izumino_trend
@sec_trend
5 Feb 2025
66 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0411
@transilienceai
5 Feb 2025
34 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AAFF445C-96F1-4328-A34E-A8C392B34BF3",
            "versionEndExcluding": "24.09",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]