What is CVE-2025-0411?

CVE-2025-0411 is a high-severity vulnerability affecting 7-Zip. It allows attackers to bypass Mark-of-the-Web protections, requiring user interaction for exploitation. Immediate remediation is critical.

What is the severity of CVE-2025-0411?

CVE-2025-0411 has a severity rating of HIGH with a CVSS base score of 7.

CVE-2025-0411 | High Vulnerability in 7-Zip

Q: Is CVE-2025-0411 in CISA KEV?

Yes. CVE-2025-0411 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2025-0411 is a high-severity vulnerability that affects 7-Zip and the Active IQ Unified Manager. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.

Organizations should prioritize patching immediately. Given the significance of this vulnerability, failure to address it may lead to unauthorized access and potential data compromise.

With a CVSS score of 7, this vulnerability poses a serious threat to affected systems, especially in environments where 7-Zip is widely used. Organizations must remain vigilant and implement the necessary patches as soon as they become available.

Vulnerability Details

The 7-Zip Mark-of-the-Web Bypass Vulnerability is classified under CWE-693. It affects all versions of 7-Zip prior to vendor patch. The CVSS vector is CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H with a base score of 7, which indicates a high severity level.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of archived files. The attack vector is local, meaning that an attacker needs to have a local context to exploit this vulnerability. It has high attack complexity and requires user interaction, as the user must either visit a malicious webpage or open a malicious file.

The vulnerability can lead to high confidentiality, integrity, and availability impacts, as attackers may execute arbitrary code in the context of the user. This underscores the importance of user awareness and education regarding unsafe file handling practices.

Risk & Impact Analysis

Risk to organizations includes the potential for unauthorized code execution, which can lead to data breaches and system compromises. The blast radius for this vulnerability is significant, given the popularity of 7-Zip across various sectors. Organizations should address this vulnerability in their priority patch cycle, especially those that handle sensitive data.

Given that this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, organizations must act swiftly to mitigate risks associated with it.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

All versions of 7-Zip prior to the vendor patch are affected by this vulnerability. Organizations are advised to check their current version and plan for an upgrade.

Mitigation & Remediation

Organizations should apply the latest patches from the vendor immediately to mitigate this vulnerability. If an upgrade is not possible, consider alternative workarounds, such as disabling the extraction feature for untrusted files.

For further guidance on effective security practices, organizations can refer to penetration testing services to identify potential weaknesses in their security posture.

Detection Guidance

Organizations should monitor their systems for unusual file extraction activities, especially from archived files. Log indicators and behavioral anomalies should be analyzed to detect exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability is that it highlights the importance of web protection mechanisms in file handling applications. Security teams should learn from this incident to improve their defenses against similar vulnerabilities.

Organizations should also consider reviewing their policies regarding file downloads and extractions, ensuring that users are aware of the risks associated with opening files from unknown sources.

For further reading on improving security measures, consider exploring penetration testing methodology and the best practices for securing applications.

Additionally, reviewing the vulnerability management program can help organizations proactively identify and remediate vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0411: High Vulnerability in 7-Zip