Summary: A vulnerability in the popular file archiver 7-Zip, tracked as CVE-2025-0411, allows attackers to bypass Windows’ Mark-of-the-Web security feature, potentially enabling the execution of malware. This flaw, discovered by Trend Micro Zero Day Initiative, affects the extraction of files from crafted archives, removing critical security warnings. Users are urged to update to version 24.09 of 7-Zip to mitigate this risk.
Threat Actor: Unknown | unknown
Victim: 7-Zip Users | 7-Zip Users
Keypoints :
- Vulnerability CVE-2025-0411 has a CVSS score of 7.0 (High).
- The flaw allows extracted files to lose the Mark-of-the-Web warning, increasing the risk of malware execution.
- Users should update to version 24.09 of 7-Zip to restore the security feature.