The popular file archiver 7-Zip contained a flaw that could have allowed attackers to slip malware past Windows’ security defenses.
Security researchers at the Trend Micro Zero Day Initiative recently uncovered a vulnerability in 7-Zip, a widely used file archiving utility. This flaw, tracked as CVE-2025-0411 and assigned a CVSS score of 7.0 (High), could allow attackers to bypass the “Mark-of-the-Web” security feature in Windows.
The Mark-of-the-Web is a critical security mechanism that flags files downloaded from the internet. This flag warns users that a file is potentially dangerous and triggers security measures like Protected View in Microsoft Office, making it harder for malicious code to execute.
However, the vulnerability in 7-Zip disrupted this protection. As the advisory explains, “The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files.”
This means that even if Windows correctly flagged a downloaded archive, files extracted with a vulnerable version of 7-Zip would not carry the flag, so the warnings and protections it triggers would not apply and users could be left unaware of the threat. The advisory warns that attackers could exploit this to “execute arbitrary code in the context of the current user.”
The discovery of CVE-2025-0411 is credited to Peter Girnus of the Trend Micro Zero Day Initiative.
Fortunately, the developers of 7-Zip have addressed this vulnerability in version 24.09. Users are strongly urged to update to the latest version immediately. This update ensures that the Mark-of-the-Web is correctly applied to extracted files, maintaining this important layer of security.
To protect yourself from potential exploitation of this vulnerability:
- Update 7-Zip: Download and install version 24.09 or later from the official 7-Zip website.
- Exercise Caution with Untrusted Files: Avoid opening files from unknown or suspicious sources, especially compressed archives.
- Leverage Security Features: Ensure that your operating system and security software are configured to detect and block malicious files.
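
To check a Windows host after updating, the PowerShell sketch below compares the installed 7-Zip file version with 24.09 and lists extracted files that did not inherit the Mark-of-the-Web, which Windows stores in an NTFS alternate data stream named `Zone.Identifier`. It is an added example, not code from the advisory or the 7-Zip project; the install path, function names and sample paths are assumptions.

```powershell
# Added example: audit Mark-of-the-Web (MotW) propagation after extraction.
# Assumptions: default 7-Zip install path; function names are illustrative.

function Test-SevenZipPatched {
    param([string]$Exe = "$env:ProgramFiles\7-Zip\7z.exe")   # assumed default path
    if (-not (Test-Path -LiteralPath $Exe)) { return $null } # 7-Zip not found here
    $v = (Get-Item -LiteralPath $Exe).VersionInfo
    # 24.09 is the fixed release named in the article
    $installed = New-Object System.Version($v.FileMajorPart, $v.FileMinorPart)
    return $installed -ge (New-Object System.Version(24, 9))
}

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # Returns the ZoneId (3 = Internet) or $null when the file has no MotW stream
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($l in $ads) {
        if ($l -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Get-MotwGap {
    param([Parameter(Mandatory)][string]$Archive,
          [Parameter(Mandatory)][string]$ExtractDir)
    $archiveZone = Get-ZoneId -Path $Archive
    if ($null -eq $archiveZone) {
        Write-Warning "Archive has no MotW; nothing to propagate."
        return
    }
    # Every extracted file without a zone is a propagation gap
    Get-ChildItem -LiteralPath $ExtractDir -Recurse -File | ForEach-Object {
        if ($null -eq (Get-ZoneId -Path $_.FullName)) {
            [pscustomobject]@{
                File        = $_.FullName
                ArchiveZone = $archiveZone
                FileZone    = 'missing'
            }
        }
    }
}

# Usage with constructed paths:
# Test-SevenZipPatched
# Get-MotwGap -Archive "$env:USERPROFILE\Downloads\sample.7z" -ExtractDir "$env:USERPROFILE\Downloads\sample"
```

`Test-SevenZipPatched` returns `$null` when 7-Zip is not at the assumed path, so treat that result as "unknown" rather than "patched".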