Home > Vulnerability Database > CVE-2025-0411

Mend.io Vulnerability Database

CVE-2025-0411

Date: January 24, 2025

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Severity Score

7.0

Related Resources (8)

Url: https://www.vicarius.io/vsociety/posts/cve-2025-0411-7-zip-mitigation-vulnerability

Url: http://www.openwall.com/lists/oss-security/2025/01/24/6

Url: https://www.vicarius.io/vsociety/posts/cve-2025-0411-detection-7-zip-vulnerability

Url: https://www.zerodayinitiative.com/advisories/ZDI-25-045/

Url: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0411

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-0411

Url: https://security.netapp.com/advisory/ntap-20250207-0005/

Url: https://www.mend.io/vulnerability-database/CVE-2025-0411

Severity Score

7.0

Weakness Type (CWE)

Protection Mechanism Failure

CWE-693

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-0411

Date: January 24, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?