PT-2024-10268 · Igor Pavlov+2 · 7-Zip+2
Mortem · Published 2024-10-01 · Updated 2026-03-10 · CVE-2025-0411
CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
7-Zip versions prior to 24.09
Description
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. The vulnerability has been exploited in real-world attacks, targeting Ukrainian organizations with SmokeLoader malware via spear-phishing and homoglyph attacks.
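The propagation failure described above can be checked on a host. The following added example (not part of the original advisory and not 7-Zip code) compares the `Zone.Identifier` alternate data stream, where Windows stores the Mark-of-the-Web, of an archive with that of each extracted file. The function names `Get-ZoneId` and `Test-MotwPropagation` and the sample files are hypothetical, constructed for illustration, and the script assumes an NTFS volume.

```powershell
# Added example: report extracted files that did not inherit the archive's Mark-of-the-Web.
# ZoneId values: 3 = Internet, 4 = Restricted sites.
function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # Returns the ZoneId as an int, or $null when the file has no Zone.Identifier stream.
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($l in $ads) { if ($l -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] } }
    return $null
}

function Test-MotwPropagation {
    param([Parameter(Mandatory)][string]$ArchivePath,
          [Parameter(Mandatory)][string]$ExtractDir)
    $archiveZone = Get-ZoneId -Path $ArchivePath
    # An archive without an Internet-zone (or stricter) mark has nothing to propagate.
    if ($null -eq $archiveZone -or $archiveZone -lt 3) { return }
    Get-ChildItem -LiteralPath $ExtractDir -Recurse -File | ForEach-Object {
        $zone = Get-ZoneId -Path $_.FullName
        # Flag files with no mark at all, or with a less restrictive zone than the archive.
        if ($null -eq $zone -or $zone -lt $archiveZone) {
            [pscustomobject]@{ File = $_.FullName; ArchiveZone = $archiveZone; FileZone = $zone }
        }
    }
}

# Constructed sample: a marked placeholder "archive" and two extracted files, one left unmarked.
$root = Join-Path $env:TEMP ("motw-demo-" + [guid]::NewGuid())
$out  = Join-Path $root 'extracted'
New-Item -ItemType Directory -Path $out -Force | Out-Null
$mark    = "[ZoneTransfer]`r`nZoneId=3"
$archive = Join-Path $root 'sample.7z'
Set-Content -LiteralPath $archive -Value 'placeholder'
Set-Content -LiteralPath $archive -Stream Zone.Identifier -Value $mark
Set-Content -LiteralPath (Join-Path $out 'marked.txt') -Value 'a'
Set-Content -LiteralPath (Join-Path $out 'marked.txt') -Stream Zone.Identifier -Value $mark
Set-Content -LiteralPath (Join-Path $out 'unmarked.txt') -Value 'b'

Test-MotwPropagation -ArchivePath $archive -ExtractDir $out | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Running `Test-MotwPropagation` against a real downloaded archive and the folder it was extracted into shows whether the installed 7-Zip build propagates the mark.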
Recommendations
- Update 7-Zip to version 24.09 or later on all company devices immediately.
- As a temporary workaround, consider disabling the handling of archived files in 7-Zip until a patch is available.
- Restrict access to the 7-Zip File Manager to minimize the risk of exploitation.
- Avoid using 7-Zip to extract files from untrusted sources until the issue is resolved.
Exploit
Fix
RCE
Protection Mechanism Failure
Affected Products
7-Zip
Alt Linux
Red Os