What is the CVSS score of CVE-2025-0411?

CVE-2025-0411 has a CVSS 3.1 base score of 7.0 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 52.4%.

Which versions of 7 Zip are affected by CVE-2025-0411?

Organizations using 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability face moderate risk from CVE-2025-0411, a protection bypass vulnerability rated CVSS 7.0.. A patch is available.

Is CVE-2025-0411 being actively exploited?

Yes, CVE-2025-0411 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2025-0411?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

7 Zip CVE-2025-0411

HIGH

Protection Mechanism Failure (CWE-693)

2025-01-25 zdi-disclosures@trendmicro.com

RCE 7 Zip Active Iq Unified Manager Suse

7.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 02, 2026 - 20:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:05 vuln.today

Added to CISA KEV

Oct 27, 2025 - 17:05 cisa

CISA KEV

CVE Published

Jan 25, 2025 - 05:15 nvd

HIGH 7.0

DescriptionNVD

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

AnalysisAI

7-Zip contains a Mark-of-the-Web bypass vulnerability allowing attackers to circumvent Windows security warnings when extracting files from malicious archives, exploited in campaigns targeting Ukrainian organizations.

Technical ContextAI

The CWE-693 protection bypass occurs when 7-Zip processes double-archived files (an archive within an archive). The inner archive's files lose their MotW alternate data stream during extraction, causing Windows to treat them as locally-created trusted files.

RemediationAI

Update 7-Zip to the latest version. Train users about double-archive attack techniques. Implement application whitelisting to prevent execution of unknown binaries regardless of MotW status.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-0411 vulnerability details – vuln.today

Back

7 Zip CVE-2025-0411

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code