CVE-2025-0411 — 7-Zip Mark of the Web Bypass Vulnerability
2025-02-06 • CISA Known Exploited Vulnerability
[event] 7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | 7-Zip |
| Product | 7-Zip |
| CWE | CWE-693 |
| CVE ID | CVE-2025-0411 |
| Date Added | 2025-02-06 |
| Due Date | 2025-02-27 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due Date: 2025-02-27