PT-2025-16365 · Peazip · Peazip

Enis Aksu · Published 2025-04-15 · Updated 2025-10-24 · CVE-2025-33026

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PeaZip versions 10.4.0 and earlier

Description

This issue allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, PeaZip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this to execute arbitrary code in the context of the current user.

Recommendations

For PeaZip versions 10.4.0 and earlier, consider disabling the archive extraction feature until a patch is available. Restrict access to potentially malicious archives to minimize the risk of exploitation. Avoid opening files from untrusted sources to reduce the risk of executing arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
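
The following check is an added example, not part of the advisory and not PeaZip code: it compares the Mark-of-the-Web zone on a downloaded archive with the zone on the files extracted from it, reports files that lost the mark, and can re-apply it. The function names and sample paths are hypothetical; it assumes an NTFS volume and Windows PowerShell 3.0 or later.

```powershell
# Added example (hypothetical function names): audit Mark-of-the-Web propagation
# after extracting a downloaded archive, and optionally restore the mark.

function Get-MotwZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # Mark-of-the-Web lives in the NTFS alternate data stream "Zone.Identifier".
    $content = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $content) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream, or no ZoneId entry: the file carries no mark
}

function Find-UnmarkedExtractedFile {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,
        [Parameter(Mandatory)][string]$ExtractDir,
        [switch]$Repair   # re-apply the archive's zone to unmarked files
    )
    $archiveZone = Get-MotwZoneId -Path $ArchivePath
    # ZoneId 3 = Internet, 4 = Restricted sites; 0-2 are local/intranet/trusted.
    if ($null -eq $archiveZone -or $archiveZone -lt 3) { return }

    Get-ChildItem -LiteralPath $ExtractDir -Recurse -File | ForEach-Object {
        $fileZone = Get-MotwZoneId -Path $_.FullName
        if ($null -eq $fileZone -or $fileZone -lt $archiveZone) {
            if ($Repair) {
                # Write a minimal Zone.Identifier stream carrying the archive's zone.
                Set-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                    -Value '[ZoneTransfer]', "ZoneId=$archiveZone"
            }
            [pscustomobject]@{
                Path        = $_.FullName
                ArchiveZone = $archiveZone
                FileZone    = $fileZone      # empty when the mark is missing entirely
                Repaired    = $Repair.IsPresent
            }
        }
    }
}

# Constructed sample paths; replace with the real archive and extraction folder.
# Find-UnmarkedExtractedFile -ArchivePath "$env:USERPROFILE\Downloads\sample.zip" `
#     -ExtractDir "$env:USERPROFILE\Downloads\sample" -Repair
```

Run it without `-Repair` first to see which extracted files are missing the mark; any file it lists would open without the SmartScreen and Protected View prompts that the archive itself would have triggered.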

Related Identifiers

CVE-2025-33026

Affected Products

Peazip