Technology

Worrying Windows security issue patched by 7-Zip, so patch now

January 22, 2025

Security researchers warned about a vulnerability in older versions of 7-Zip
The vulnerability allowed threat actors to bypass the Mark of the Web security feature
The bug was fixed in late November 2024

A high-severity vulnerability was recently discovered, and patched, in the popular open source file archiver solution 7-Zip. Since the product does not have an automatic update feature, users are advised to upgrade to the newest version manually, as soon as possible.

The vulnerability in question is tracked as CVE-2025-0411. It is described as a Mark of the Web (MotW) bypass, that allows threat actors to execute malicious code on target endpoints that are extracting files from nested archives. It was given a severity score of 7/10 – high.

Mark of the Web is a security feature in Windows that flags files downloaded from the internet as potentially unsafe by adding metadata indicating their origin. This helps prevent malicious scripts or executables from running automatically, prompting users to confirm before opening such files.

Patching the flaw

7-Zip added support for MotW in June 2022, in version 22.00. However, the feature was improperly implemented, and could be bypassed. In a recently released advisory, cybersecurity researchers Trend Micro explain:

“This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file,” the researchers said.

“The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.”

The bug has since been mitigated, with a version 24.09 being released in late November 2024.

“7-Zip File Manager didn’t propagate Zone.Identifier stream for extracted files from nested archives (if there is open archive inside another open archive),” the project’s developer, Igor Pavlov, explained.

Via BleepingComputer

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar