CVE-2025-0411

Published Jan 25, 2025

Last updated 7 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-0411 is a vulnerability found in the 7-Zip file archiver that allows attackers to bypass the Mark-of-the-Web (MOTW) security feature in Windows. This vulnerability enables attackers to create specially crafted archives. When these archives are extracted using a vulnerable version of 7-Zip, the extracted files do not inherit the MOTW attribute, which normally marks files downloaded from the internet as potentially unsafe. This bypass allows malicious code within the extracted files to execute without triggering the usual security warnings associated with MOTW. Exploiting this vulnerability requires user interaction: a user must either open a malicious file or visit a webpage that triggers the download and extraction of a malicious archive. The vulnerability was addressed in 7-Zip version 24.09, released on November 29, 2024. A proof-of-concept exploit has been publicly released as of January 27, 2025.

Description
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Source: zdi-disclosures@trendmicro.com
NVD status: Awaiting Analysis
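
A defender-side check for the behaviour described above, as an added example (not code from Intruder, ZDI or the 7-Zip project): it parses Zone.Identifier stream text, lists extracted files that lack the mark their parent archive carried, and compares a 7-Zip version string against the fixed release 24.09. The function names and the sample stream are constructed for illustration; reading the `:Zone.Identifier` stream by path assumes Windows with NTFS.

```python
import configparser
import re

INTERNET_ZONE = 3        # ZoneId Windows assigns to content from the Internet zone
FIXED_VERSION = (24, 9)  # 7-Zip 24.09, the fixed release named on this page

# Constructed sample of a Zone.Identifier stream, for illustration only.
SAMPLE_STREAM = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/a.7z\n"

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier text, or None if absent or malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string((stream_text or "").lstrip("\ufeff"))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read a file's mark from its alternate data stream (Windows/NTFS assumed)."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_id(fh.read())
    except OSError:
        return None  # no stream, or a filesystem without alternate data streams

def missing_motw(archive_zone, extracted_zones):
    """List extracted files that did not inherit an Internet-zone mark.

    extracted_zones maps file name -> ZoneId (None when the file has no mark).
    """
    if archive_zone is None or archive_zone < INTERNET_ZONE:
        return []  # the archive itself was unmarked, nothing to propagate
    return sorted(name for name, zone in extracted_zones.items()
                  if zone is None or zone < INTERNET_ZONE)

def is_vulnerable_version(version):
    """True if a 7-Zip version string such as '24.08' predates 24.09."""
    match = re.match(r"\s*(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return (int(match.group(1)), int(match.group(2))) < FIXED_VERSION
```

On a Windows host, build `extracted_zones` by calling `read_motw` on each extracted file and pass `read_motw` of the downloaded archive as `archive_zone`.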

Risk scores

CVSS 3.0

Type: Secondary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-693

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 23

  1. #threatreport #HighCompleteness CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | 04-02-2025 Source: https://t.co/1JhN5xuKmM Key details below ↓ 💀Threats: Homoglyph_technique, Smokeloader, Motw_bypass_technique,… https://t.co/0cVmG4iUZ

    @rst_cloud

    5 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔒 CVE-2025-0411 - Vulnerability in 7-Zip that allows bypassing Mark-of-the-Web 🔒 Researchers at Trend Micro Zero Day Initiative have identified a vulnerability in 7-Zip that allows attackers to bypass the "Mark-of-the-Web" (MotW) protection in Windows. https://t.co/wDzTZnD4

    @BanCERT_gt

    5 Feb 2025

    26 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-0411: #Ukrainian Organizations Targeted in #Zero_Day Campaign and #Homoglyph_Attacks https://t.co/JJkEVC2hll https://t.co/K0MrlOJFc3

    @omvapt

    4 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔐 Russian cybercriminals are exploiting a new 7-Zip vulnerability (CVE-2025-0411) to attack Ukrainian organizations They exploit a 7-Zip vulnerability to bypass Windows MotW protections CVE-2025-0411 https://t.co/myQV4zkumk https://t.co/6odzsYr1

    @elhackernet

    4 Feb 2025

    3574 Impressions

    23 Retweets

    67 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  5. We identified a new #ZeroDay vulnerability exploiting 7-Zip (CVE-2025-0411) being actively exploited in-the-wild on September 25th, 2024. Russian groups utilized this vulnerability, deploying SmokeLoader for espionage operations targeting #Ukraine during the ongoing… https://t.co

    @gothburz

    4 Feb 2025

    20878 Impressions

    70 Retweets

    243 Likes

    119 Bookmarks

    7 Replies

    4 Quotes

  6. A zero-day vulnerability in 7-Zip, CVE-2025-0411, is being exploited by Russian hackers to bypass the MotW feature in attacks against Ukraine. Update your software to stay secure. 🚨 #7Zip #Ukraine #Malware link: https://t.co/fxI95yO9PU https://t.co/vqnPO4UvsK

    @TweetThreatNews

    4 Feb 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A vulnerability in 7-Zip (CVE-2025-0411) is being exploited to deliver SmokeLoader malware, targeting Ukrainian organizations. Attackers bypass security by manipulating file extensions. #Ukraine #CyberThreat #7Zip link: https://t.co/HZI1tfHLDE https://t.co/0r8PBjmLmP

    @TweetThreatNews

    4 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 7-Zip Vulnerability Exploited! Russian cybercrime groups use CVE-2025-0411 to bypass Mark-of-the-Web, delivering SmokeLoader malware via phishing. ✅ Update 7-Zip (v24.09) ✅ Block homoglyph phishing 🔗 https://t.co/QYv8WSXhrz https://t.co/RfMw6x1Xrq

    @SecurityJoes

    4 Feb 2025

    113 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Russian cybercrooks exploiting 7-#Zip zero-day #vulnerability (#CVE-2025-0411) https://t.co/I5nh9LuYvF

    @ScyScan

    4 Feb 2025

    57 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🔐 Russian cybercriminals are exploiting new 7-Zip vulnerability (CVE-2025-0411) to target Ukrainian organizations. This flaw bypasses Windows' MotW protections, allowing remote code execution via malicious archives.

    @StreetWalker212

    4 Feb 2025

    80 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. A 7-Zip vulnerability (CVE-2025-0411) was exploited to deliver SmokeLoader malware via spear-phishing. Attackers used homoglyph attacks to bypass MotW protections, tricking Windows into executing malicious files. Update to 7-Zip v24.09 now! #CyberSecurity #Malware

    @Haa384039

    4 Feb 2025

    50 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🔐 Russian cybercriminals are exploiting new 7-Zip vulnerability (CVE-2025-0411) to target Ukrainian organizations. This flaw bypasses Windows' MotW protections, allowing remote code execution via malicious archives. Learn more about the exploit: https://t.co/Ev7X7i7qKF

    @TheHackersNews

    4 Feb 2025

    32897 Impressions

    148 Retweets

    256 Likes

    67 Bookmarks

    8 Replies

    4 Quotes

  13. Ukrainian organizations face increased risks from CVE-2025-0411, a zero-day vulnerability in 7-Zip exploited by Russian groups in a SmokeLoader campaign using homoglyph techniques. ⚠️ #Ukraine #ZeroDay #CyberThreats link: https://t.co/oNuRILma3Z https://t.co/jC0hX28Jxe

    @TweetThreatNews

    4 Feb 2025

    108 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-0411: 7-Zip Vulnerability Exploited in Attacks on Ukraine https://t.co/BcYquJU69f

    @samilaiho

    4 Feb 2025

    1007 Impressions

    5 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Ukrainian organizations face targeted attacks as Russian cybercrime groups exploit CVE-2025-0411 in 7-Zip. Urgent need for improved cybersecurity measures. 🔒 #Ukraine #Malware #CyberThreats link: https://t.co/6VK7HMP0Uj https://t.co/qmqYT4a03M

    @TweetThreatNews

    4 Feb 2025

    100 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 CVE-2025-0411 Alert 🚨 Stay informed and learn how to mitigate this vulnerability in 7-Zip. Check out our latest blog post for detailed insights: 👉 https://t.co/3e2DAvEhOf #Cybersecurity #VulnerabilityManagement #CVE20250411 #7Zip #infosec https://t.co/0zX4OmNF2u

    @Avotrixtech

    3 Feb 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #CVE-2025-0411 - vulnerability in #7-Zip https://t.co/KRlmaUO2AK

    @kilin_vr

    28 Jan 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 Critical 7-Zip vulnerability (CVE-2025-0411): Mark-of-the-Web mishandling lets malware in nested archives bypass SmartScreen. Update to v24.09+ now to stay safe! #7zip #MoTW #Windows ➡️ https://t.co/SbK4yCwalC https://t.co/mZY3TTIqPT

    @leonov_av

    28 Jan 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Vulnerability CVE-2025-0411 in the 7-Zip software. This vulnerability allows attackers to bypass the "MoTW" (Mark of The Web) marking. Source and POC in the comment!

    @redacademypiotr

    27 Jan 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. CVE-2025-0411> 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. PoC https://t.co/Oj9vch9lCB https://t.co/y4CEDEQkfQ

    @cyber_advising

    27 Jan 2025

    974 Impressions

    0 Retweets

    10 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  21. PoC for 7-Zip CVE-2025-0411 Lets Attackers Bypass MotW and Run Malicious Code https://t.co/5WF5V2oouP

    @Dinosn

    27 Jan 2025

    3821 Impressions

    27 Retweets

    81 Likes

    23 Bookmarks

    0 Replies

    1 Quote

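  22. A PoC (proof-of-concept attack code) for the 7-Zip MotW bypass vulnerability CVE-2025-0411 has been published. The issue is that MotW is not inherited by the contents of a doubly compressed archive. The PoC code itself launches the calculator via injection. https://t.co/YwilE1T1ww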

    @__kokumoto

    27 Jan 2025

    2756 Impressions

    17 Retweets

    34 Likes

    14 Bookmarks

    1 Reply

    0 Quotes

  23. CVE-2025-0411 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7… https://t.co/vxMy84VPtE

    @CVEnew

    25 Jan 2025

    457 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Critical Code Execution Vulnerability (CVE-2025-0411) Detected in 7-Zip https://t.co/pYBzkXL00r

    @WhalersLtd

    23 Jan 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🔒⚠️ SECURITY ALERT! Critical vulnerability in 7-Zip allows arbitrary code execution (CVE-2025-0411). 🛡️ Update now to version 24.09 and avoid compromising your security. https://t.co/P6jgOXhIx5

    @tpx_Security

    23 Jan 2025

    70 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. A vulnerability in 7-Zip, tracked as CVE-2025-0411, allows attackers to bypass the Mark of the Web feature, enabling arbitrary code execution on users' systems; users are urged to update to version 24.09 immediately. #CyberSecurity #7Zip https://t.co/uDUCuhA3C6

    @Cyber_O51NT

    22 Jan 2025

    200 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 1/6 🚨 CVE-2025-0411: 7-Zip MotW Bypass 🚨 POC available at the end This vulnerability allows attackers to bypass the Mark-of-the-Web (MotW) protection on Windows systems. Here’s how it works and why it matters. 🧵👇

    @Seifreed

    22 Jan 2025

    2267 Impressions

    9 Retweets

    11 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  28. 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now: https://t.co/o4cn0IQVTd A high-severity vulnerability in 7-Zip, tracked as CVE-2025-0411, allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution on users' PCs when…

    @securityRSS

    22 Jan 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Urgent Update: High-Risk Vulnerability in 7-Zip Allows Malware Propagation by Bypassing Windows MoTW A critical vulnerability (CVE-2025-0411) has been discovered in the widely used compression tool 7-Zip, enabling attackers to bypass the Mark.. #Windows https://t.co/NdhTX5DLoN

    @DIYprojects55

    22 Jan 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 7-Zip MotW bypass PoC (CVE-2025-0411) https://t.co/m17Uz2iQsa

    @artem_i_baranov

    22 Jan 2025

    14667 Impressions

    67 Retweets

    192 Likes

    111 Bookmarks

    34 Replies

    1 Quote

  31. 🚨 7-Zip MotW Bypass [CVE-2025-0411] – POC released! This exploit leverages double-compressed archives to bypass security warnings & execute arbitrary code. POC + weaponization details here: https://t.co/v437KNiIiQ Vulnerable versions: 7-Zip < 24.09 #CVE2025_0411 #POC

    @DSkfunk

    22 Jan 2025

    13 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  32. 🚨New Vulnerability in 7-Zip CVE-2025-0411 ⚠️ Bypass Windows Mark-of-the-Web (MOTW) https://t.co/FtJypEURU8 https://t.co/ILGAcz0Mu4

    @elhackernet

    22 Jan 2025

    8533 Impressions

    36 Retweets

    77 Likes

    28 Bookmarks

    0 Replies

    1 Quote

  33. 7-Zip vulnerability CVE-2025-0411 (CVSS 7.0) allowed attackers to bypass Windows’ Mark-of-the-Web security. Fixed in version 24.09, users must update immediately to prevent arbitrary code execution risks. #7ZIP https://t.co/yJejxLIjur

    @zaihuapd

    22 Jan 2025

    614 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  34. My MotW security bypass in 7zip was patched in November as CVE-2025-0411. Be sure to patch 7zip to 24.09 to be protected. #infosec #zeroday https://t.co/aVFsaS8Kgy

    @gothburz

    22 Jan 2025

    133 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. #infosec #hacking #CSO #cybersecurity #cybersecurity CVE-2025-0411:7-Zip Remote Code Execution https://t.co/DYbIlQurK2 https://t.co/YI7mOuhb7w

    @cncsocom

    22 Jan 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 7-Zip vulnerability and ICS advisories: patches and security risks IT Security, 7-Zip, cisa, CVE-2025-0411, cybersecurity, ICS, Mark of the Web, patch, protection, security, critical systems, vulnerability https://t.co/Yzh2LOHN82 https://t.co/4uUv6raQ6P

    @matricedigitale

    22 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 7-Zip has patched a critical vulnerability (CVE-2025-0411) that bypasses Windows' Mark of the Web security, allowing code execution from malicious nested archives. #7Zip #Windows #MalwareThreats 🛡️💻 link: https://t.co/hOnLeRti2B https://t.co/VArmFh4Zep

    @TweetThreatNews

    21 Jan 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨 A high-severity vulnerability (CVE-2025-0411) in 7-Zip allows malware execution by bypassing Windows security. Update to version 24.09 to stay safe! #7Zip #WindowsSecurity #TrendMicro link: https://t.co/cauO2s31Od https://t.co/t8YYEHwp8b

    @TweetThreatNews

    21 Jan 2025

    76 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Warning: High severity vulnerability in @7zip. CVE-2025-0411 CVSS: 7.0. It allows attackers to bypass the Mark-of-the-Web security feature. #Patch #Patch #Patch More info: https://t.co/tXyFcWJEG3

    @CCBalert

    21 Jan 2025

    246 Impressions

    2 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  40. CVE-2025-0411 impacts 7-Zip with Code Execution #CVE-2025-0411 #7Zip #CodeExecution https://t.co/o5pLb9zDbf

    @pravin_karthik

    21 Jan 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 7-Zip Vulnerability Allows Arbitrary More Details: https://t.co/4Wwly5cOUz A newly disclosed vulnerability in the popular file archiving software 7-Zip, identified as CVE-2025-0411, has raised significant security concerns. #cybersecurity #vulnerabilit

    @gbhackers_news

    21 Jan 2025

    161 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

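  42. A vulnerability was fixed in 7-Zip 24.09. CVE-2025-0411 has a CVSS score of 7.0 and is a bypass of the Mark-of-the-Web security mechanism. In a crafted archive, the MotW applied to the archive does not propagate to the extracted files. https://t.co/rTl40j519t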

    @__kokumoto

    21 Jan 2025

    3810 Impressions

    24 Retweets

    73 Likes

    18 Bookmarks

    0 Replies

    1 Quote