CVE-2025-0411: 7-Zip MOTW Bypass in 24.08 (x64), HIGH Severity
Platform
windows
Component
7-zip
CVE-2025-0411 is a Mark-of-the-Web (MOTW) bypass vulnerability affecting 7-Zip. This flaw allows remote attackers to bypass security mechanisms and potentially execute arbitrary code within the user's context when extracting files from a specially crafted archive. The vulnerability affects 7-Zip version 24.08 (x64). No official patch is currently available.
How to fix
Actualice 7-Zip a una versión posterior a la 24.08. Descargue la última versión desde el sitio web oficial de 7-Zip e instálela. Esto solucionará la vulnerabilidad Mark-of-the-Web.
Frequently asked questions
What is CVE-2025-0411?
CVE-2025-0411 is a Mark-of-the-Web (MOTW) bypass vulnerability in 7-Zip that allows attackers to execute arbitrary code by bypassing security warnings when a user extracts files from a malicious archive.
Am I affected by CVE-2025-0411?
You are likely affected if you are using 7-Zip version 24.08 (x64) and routinely extract files from archives received from untrusted sources. User interaction is required to trigger the vulnerability.
How can I fix or mitigate CVE-2025-0411?
Currently, there is no official patch available. Exercise caution when opening archives from untrusted sources. Consider using alternative archiving tools or sandboxing 7-Zip until a patch is released.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free