CVE-2025-0411

Published Jan 25, 2025

Last updated 3 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-0411 is a vulnerability in the 7-Zip file archiver that allows attackers to bypass the Mark-of-the-Web (MOTW) security feature in Windows. An attacker can craft an archive such that, when it is extracted with a vulnerable version of 7-Zip, the extracted files do not inherit the MOTW attribute, which normally marks files downloaded from the internet as potentially unsafe. Because the mark is lost, malicious code within the extracted files can execute without triggering the usual security warnings associated with MOTW. Exploiting this vulnerability requires user interaction: a user must either open a malicious file or visit a webpage that triggers the download and extraction of a malicious archive. The vulnerability was addressed in 7-Zip version 24.09, released on November 29, 2024. A proof-of-concept exploit has been publicly released as of January 27, 2025.

Description
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Source
zdi-disclosures@trendmicro.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 3.0

Type
Secondary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
7-Zip Mark of the Web Bypass Vulnerability
Exploit added on
Feb 6, 2025
Exploit action due
Feb 27, 2025
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

zdi-disclosures@trendmicro.com
CWE-693
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. The report I wrote about the CVE-2025-0411 7-Zip Mark-of-the-Web Bypass vulnerability. You can reach the reports through the links below: en: https://t.co/w4yst4m5tn tr: https://t.co/o8ZxNcepoI #MotW #7zip #CVE

    @betullssahin

    11 May 2025

    53 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [1day1line] CVE-2025-0411: Malware infection due to 7-Zip Mark-of-the-Web bypass https://t.co/Yzvlbww9Ae Hello! Today’s 1day-1line features CVE-2025-0411, a zero-day vulnerability in 7-Zip that was exploited to target Ukrainian organizations. Attackers bypassed Windows

    @hackyboiz

    16 Apr 2025

    2413 Impressions

    16 Retweets

    44 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  3. SmokeLoader malware exploits 7-Zip vulnerability CVE-2025-0411 to deploy infostealers via weaponized 7z archives. Update 7-Zip to version 24.09+ and enhance email security. #CyberSecurity #Malware #7Zip #SmokeLoader https://t.co/hdySm898kE https://t.co/En0FpmLBfC

    @dailytechonx

    3 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. The WinRAR vulnerability I reported has been published on JVN. I don't know whether it will actually be exploited like the 7-Zip MoTW bypass (CVE-2025-0411), but if you use this product I think it is a good idea to update to the latest version. https://t.co/S1wGkWMaM5

    @1sland_m1ne

    3 Apr 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    23 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    21 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    19 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. PoC Exploit Released for 7-Zip Mark-of-the-Web Bypass Vulnerability (CVE-2025-0411) - CybersecurityNews https://t.co/qTTy5lRGBQ #hacking #technology https://t.co/4ZpYyOyKa0

    @cliffvazquez

    19 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    18 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    17 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    14 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    4 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. #CyberSecurity #Vulnerability CVE-2025-0411: 7-Zip Vulnerability Exploited in Attacks on Ukraine https://t.co/0aAaaXp4Se

    @Komodosec

    3 Mar 2025

    65 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    3 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    26 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    26 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    25 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    24 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Explore Cool CVEs 🔹 CVE-2024-45519 🔹 CVE-2024-46538 🔹 CVE-2024-49113 🔹 CVE-2024-9264 🔹 CVE-2025-0411 🔹 CVE-2020-7660 Check it out & level up your exploit game! https://t.co/ZNLzGRXrDy #CyberSecurity #ExploitDev #RedTeam

    @defhawk_specter

    23 Feb 2025

    83 Impressions

    1 Retweet

    4 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    22 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    17 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. GitHub - dhmosfunk/7-Zip-CVE-2025-0411-POC: This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass. https://t.co/xEDxGdJBn2

    @akaclandestine

    14 Feb 2025

    1843 Impressions

    11 Retweets

    33 Likes

    19 Bookmarks

    0 Replies

    1 Quote

  23. CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/cGUdvYTnrI https://t.co/1w277lZuC0

    @shbertin

    12 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/bcbyqgebks https://t.co/9qO6EIagTv

    @shbertin

    11 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/cyoow4nRwK https://t.co/jF2Wgm34Rm

    @Giodomi1989

    11 Feb 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/fMGQDqP3QD https://t.co/jSnm6xNLcw

    @SeanWilliams68

    10 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    10 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. 7-Zip & Mark-of-Web (MoW) CVE-2025-0411 You have to enable MoW propagation in the GUI or through the registry https://t.co/ZwvezEVIok https://t.co/vb9PXSTSLe

    @elhackernet

    10 Feb 2025

    3180 Impressions

    3 Retweets

    37 Likes

    7 Bookmarks

    2 Replies

    0 Quotes

  29. CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/Sfo94QAetT https://t.co/xT8JRzJHBm

    @SirajD_Official

    10 Feb 2025

    16 Impressions

    1 Retweet

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    9 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. CVE-2025-0411 Zero-Day vulnerability in 7-Zip exploited in cyberespionage campaign targeting Ukraine https://t.co/PAlrcHUntZ https://t.co/uUTAfrdKcJ

    @scandaletti

    9 Feb 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. .@TrendMicro's @thezdi team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip was actively exploited to target Ukrainian organizations through spear-phishing and homoglyph attacks. Learn more: https://t.co/bbT8rhFi30

    @christine_fady

    9 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Researchers recently uncovered the story behind the earlier 7-Zip zero-day: a Russian hacking group, during its intrusions into Ukraine, exploited a zero-day in the 7-Zip compression tool to successfully bypass Windows' security protection for downloaded files. The flaw is tracked as CVE-2025-0411 and was fixed at the end of November with the release of 7-Zip version 24.09. https://t.co/XtQTHw6aUQ

    @ccbea_

    9 Feb 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    9 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. .@TrendMicro's @thezdi team offers an analysis of how CVE-2025-0411, a zero-day vulnerability in 7-Zip was actively exploited to target Ukrainian organizations through spear-phishing and homoglyph attacks. Learn more: https://t.co/e6vZhoyl2D

    @alexandre_tovar

    8 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Stay secure by updating 7-Zip to version 24.09, a critical step to protect against CVE-2025-0411. Our experts provide a detailed breakdown of this vulnerability and its implications for your security posture. Read more:⬇️ https://t.co/2mWAMIOnlD

    @TrendMicroRSRCH

    8 Feb 2025

    370 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🔐 Russian cybercriminals are exploiting new 7-Zip vulnerability (CVE-2025-0411) to target Ukrainian organizations. This flaw bypasses Windows' MotW protections, allowing remote code execution via malicious archives. https://t.co/tM7to9cEf9

    @achi_tech

    8 Feb 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    7 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. #CVE-2025-0411 7-Zip Mark of the Web #Bypass #Vulnerability https://t.co/txJYjVAGJy

    @ScyScan

    7 Feb 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. The US Cybersecurity and Infrastructure Security Agency (CISA) has added five entries to its Known Exploited Vulnerabilities catalog. - 7-Zip CVE-2025-0411 - Dante Discovery CVE-2022-23748 - Outlook CVE-2024-21413 - CyberoamOS CVE-2020-29574 - Sophos XG Firewall CVE-2020-15069 https://t.co/0sYTd2KRAC https://t.co/aOFyydVO9D

    @__kokumoto

    6 Feb 2025

    1953 Impressions

    4 Retweets

    27 Likes

    8 Bookmarks

    1 Reply

    2 Quotes

  41. In CVE-2025-0411, a threat actor can neutralize MoTW by double-archiving content using 7-Zip's archive creation feature. In fact, a Russian cybercrime group carried out attacks by embedding an executable inside an archive and then embedding that archive inside another archive

    @8pBWKnyWbz86364

    6 Feb 2025

    12 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 7-Zip MotW Bypass CVE-2025-0411 It's obviously a junk, worthless hole, so why is there so much news about it = =

    @stevenyu113228

    6 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    6 Feb 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. 🛑🛡️ZIP FILES CAN INFECT YOUR COMPANY WITHOUT BEING DETECTED: NEW VULNERABILITY IN 7-ZIP A security flaw in 7-Zip (CVE-2025-0411) allowed cybercriminals to evade Windows protections and deploy malware without raising suspicion. Although the attack was targeted

    @CycuraMX

    5 Feb 2025

    5687 Impressions

    38 Retweets

    94 Likes

    36 Bookmarks

    0 Replies

    0 Quotes

  45. Russian-linked hackers exploited the 7-Zip zero-day vulnerability CVE-2025-0411 to run a cyberespionage campaign against Ukrainian government agencies. Using a technique that bypasses Mark-of-the-Web (MoTW) protection, they distributed SmokeLoader malware, luring victims to fake .doc files through double archiving and homoglyph attacks. https://t.co/wCxKsPE1Fb

    @01ra66it

    5 Feb 2025

    801 Impressions

    6 Retweets

    14 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  46. A new zero-day vulnerability, identified as CVE-2025-0411, has recently been published for the 7-Zip compression and archiving tool; it allows hackers to bypass Windows security and defense mechanisms and load malware named smokeloader. https://t.co/Poz3aKYxT1 https://t.co/0LkQ9IXO

    @AmirHossein_sec

    5 Feb 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Russian hackers exploit a 7-Zip vulnerability (CVE-2025-0411) to deploy SmokeLoader malware against Ukrainian industries, threatening sensitive data security. 🚨 #Ukraine #CyberThreats #SmokeLoader link: https://t.co/CDjFdkp3uA https://t.co/5jK1HVR2TE

    @TweetThreatNews

    5 Feb 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 7-Zip vulnerability is being exploited in zero-day attacks (CVE-2025-0411) - 合同会社ロケットボーイズ https://t.co/4GeFfqi2f5 #izumino_trend

    @sec_trend

    5 Feb 2025

    66 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Actively exploited CVE : CVE-2025-0411

    @transilienceai

    5 Feb 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  50. Windows uses Mark-of-the-web (MoTW) to mark local copies of files which have come from untrusted sources. CVE-2025-0411 allows threat actors to bypass this functionality by placing an archive inside an archive with 7-Zip. CVE-2025-0411 has been observed in the wild.

    @Final_456

    5 Feb 2025

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations