HIGH · CVSS 7.0Disclosed 2025-01-20

CVE-2025-0411 — 7-Zip Mark-of-the-Web bypass

7-Zip failed to propagate the Windows Mark-of-the-Web (MotW) to files extracted from archives, bypassing Windows SmartScreen protections on malicious downloads.

Affects

7-Zip < 24.09

What an attacker does

An attacker distributes a malicious archive. A victim on Windows extracts it with 7-Zip. Files inside the archive lack MotW metadata; SmartScreen does not prompt; malicious executables run without warning.

How to detect

7-Zip version on every Windows dev machine.

How to fix

Upgrade 7-Zip to 24.09+.

How Securie catches it

Securie's developer-machine hygiene checks cover this class of bug.

References

Zero Day Initiative advisory