
A significant security vulnerability (CVE-2025-0411) has been identified in 7-Zip that allows attackers to bypass Windows' Mark of the Web (MotW) protection. Because the affected files are extracted without the MotW flag, Windows shows none of its usual download warnings, so a user who opens a file extracted from a specially crafted nested archive can run attacker-supplied code without being prompted.
The Vulnerability Explained
The issue lies in 7-Zip's MotW handling, added in version 22.00 (June 2022). MotW is an NTFS alternate data stream named Zone.Identifier that Windows attaches to files arriving from the Internet; SmartScreen and Microsoft Office's Protected View check for it before letting content run. 7-Zip normally copies this flag from a downloaded archive onto the files it extracts, but when an archive is nested inside another archive, the flag is not propagated to the files extracted from the inner archive. Those files therefore look to Windows as if they had been created locally, and the protections keyed on MotW never engage.
Security Impact
– Bypasses Windows security warnings (the SmartScreen prompts that depend on MotW)
– Enables execution of malicious code once the victim opens the extracted file
– Circumvents Microsoft Office's Protected View for extracted documents
– Exposes users who handle files extracted from downloaded archives
Resolution and Recommendations
The vulnerability has been patched in 7-Zip version 24.09, released on November 30, 2024. However, 7-Zip has no auto-update feature, so many users may still be running vulnerable versions without knowing it. The installed version is shown in the 7-Zip File Manager under Help > About, or can be read from the version information of 7z.exe.
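The following PowerShell script is an added example, not part of the original article or of 7-Zip itself. It performs the two checks a Windows administrator would want after reading the sections above: it compares the installed 7-Zip version against the fixed release, 24.09, and it builds a harmless nested archive, stamps the outer one with a Zone.Identifier stream the way a browser download would, extracts both layers with the command-line tool, and reports which of the resulting files still carry MotW. It assumes 7-Zip is installed at its default path and that the temp directory is on an NTFS volume (alternate data streams need NTFS).

```powershell
# Added example (not part of the original article or of 7-Zip itself).
# Two practitioner checks for CVE-2025-0411 on a Windows host:
#   1. Is the installed 7-Zip older than the fixed release, 24.09?
#   2. Do files extracted from a nested archive carry the Zone.Identifier
#      alternate data stream (the Mark of the Web)?
# Assumptions: 7-Zip is installed at the default path below, and $env:TEMP
# is on an NTFS volume (alternate data streams need NTFS).

$SevenZip     = 'C:\Program Files\7-Zip\7z.exe'   # assumption: default install path
$FixedVersion = [version]'24.9'                   # 24.09 in 7-Zip's own notation

function Get-SevenZipVersion {
    # 7z.exe carries its version in the PE version resource; build a [version]
    # from the numeric parts so string formatting differences do not matter.
    $vi = (Get-Item -LiteralPath $SevenZip).VersionInfo
    [version]"$($vi.FileMajorPart).$($vi.FileMinorPart)"
}

function Test-HasMotw {
    param([string]$Path)
    # $true if the file has a Zone.Identifier stream, i.e. Windows treats it
    # as downloaded content and SmartScreen / Protected View will engage.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    return ($null -ne $stream)
}

# --- 1. Version check ---------------------------------------------------------
$installed = Get-SevenZipVersion
if ($installed -lt $FixedVersion) {
    Write-Warning "7-Zip $installed predates the CVE-2025-0411 fix (24.09). Update it."
} else {
    Write-Host "7-Zip $installed includes the CVE-2025-0411 fix."
}

# --- 2. MotW propagation check ------------------------------------------------
$Work = Join-Path $env:TEMP 'motw-nested-check'
Remove-Item -LiteralPath $Work -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $Work | Out-Null
Push-Location $Work
try {
    # Constructed, harmless content: a text file zipped twice.
    Set-Content -Path 'payload.txt' -Value 'harmless test content'
    & $SevenZip a -tzip inner.zip payload.txt | Out-Null
    & $SevenZip a -tzip outer.zip inner.zip   | Out-Null

    # Simulate a browser download: stamp the outer archive with MotW.
    # ZoneId=3 is the Internet zone.
    Set-Content -Path 'outer.zip' -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

    # Extract the outer archive, then the inner archive it contained.
    & $SevenZip x -ooutput1 outer.zip          | Out-Null
    & $SevenZip x -ooutput2 output1\inner.zip  | Out-Null

    # Report which files still carry the flag after each extraction step.
    foreach ($f in 'outer.zip', 'output1\inner.zip', 'output2\payload.txt') {
        $state = if (Test-HasMotw $f) { 'has MotW' } else { 'NO MotW' }
        '{0,-22} {1}' -f $f, $state
    }
}
finally {
    Pop-Location
}
```

Two caveats on reading the output. The two-step command-line extraction is only a stand-in for the nested-archive scenario; the advisory concerns opening the inner archive from within 7-Zip, so a clean result here does not by itself prove a build is unaffected, and the version check remains the reliable test. Also, whether 7-Zip writes the flag to every extracted file or only to Office documents is governed by its "Propagate Zone.Identifier stream" option under Tools > Options, so a missing flag on payload.txt may reflect that setting rather than the bug.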
Recent Similar Exploits
– DarkGate malware operators exploited a similar MotW bypass in Windows itself (CVE-2024-38213)
– The Water Hydra group used a MotW bypass in Windows Internet Shortcut handling (CVE-2024-21412) to deploy the DarkMe RAT
Users are strongly advised to update to the latest 7-Zip version immediately to protect against malware exploiting this vulnerability. Because 7-Zip does not update itself, the new build must be downloaded from 7-zip.org and installed manually, and administrators of managed fleets should push the update rather than rely on users to do so.