7-Zip Vulnerability Let Remote Attackers Bypass Protections & Execute Arbitrary Code

A newly disclosed vulnerability in the popular file archiving software 7-Zip, identified as CVE-2025-0411, has raised significant security concerns.

This flaw allows remote attackers to bypass Windows’ Mark-of-the-Web (MOTW) protection mechanism, potentially enabling the execution of arbitrary code on affected systems. The vulnerability has been assigned a CVSS score of 7.0, reflecting its high severity.

7-Zip Code Execution Vulnerability

The issue stems from improper handling of files extracted from crafted archives that carry the MOTW flag. When a user extracts such files using vulnerable versions of 7-Zip, the extracted files do not retain the MOTW designation.

Google News

This oversight enables attackers to bypass critical security checks designed to protect against malicious content. By exploiting this flaw, an attacker could execute arbitrary code within the context of the current user.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious file. This makes the vulnerability particularly concerning for environments where users frequently handle files from untrusted sources.

Recently, another code execution vulnerability uncovered in 7-Zip tracked as CVE-2024-11477 affected version 24.07. This vulnerability enables attackers to execute arbitrary code in the context of the current process when users interact with malicious archives.

The vulnerability affects all versions of 7-Zip up to 24.07. Users are strongly advised to update to version 24.09, which addresses this issue and ensures that MOTW flags are correctly propagated to extracted files.

  • October 1, 2024: The vulnerability was reported to the vendor.
  • January 19, 2025: Coordinated public disclosure and release of the patched version.

This flaw poses a significant risk to users, as it undermines a key Windows security feature designed to prevent untrusted files from executing without proper scrutiny. Attackers could exploit this vulnerability to distribute malware or gain unauthorized access to systems, particularly in environments where users have administrative privileges.

The Zero Day Initiative credited researcher Peter Girnus for discovering and reporting this vulnerability.

Mitigation Steps

  1. Update Software: Users should immediately upgrade to 7-Zip version 24.09 or later.
  2. Exercise Caution: Avoid opening archives from unknown or untrusted sources.
  3. Enable Additional Protections: Use endpoint security solutions that can detect and block suspicious file activity.

While 7-Zip has long been a trusted tool for file compression and extraction, this incident underscores that even widely used software can harbor vulnerabilities. Users and organizations should act swiftly to mitigate risks associated with this flaw.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Guru Baran
Guru Baran
https://cybersecuritynews.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
Facebook Linkedin