Skip to main content

B1 Free Archiver CVE-2025-50328

| EUVDEUVD-2025-209592 HIGH
Authentication Bypass by Spoofing (CWE-290)
2026-04-29 mitre
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

5
Analysis Generated
Apr 30, 2026 - 14:22 vuln.today
CVSS changed
Apr 30, 2026 - 14:22 NVD
7.3 (HIGH)
EUVD ID Assigned
Apr 29, 2026 - 20:45 euvd
EUVD-2025-209592
Analysis Generated
Apr 29, 2026 - 20:45 vuln.today
CVE Published
Apr 29, 2026 - 00:00 nvd
HIGH 7.3

DescriptionCVE.org

A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.

AnalysisAI

B1 Free Archiver v1.5.86 strips Mark of the Web (MotW) protections from files extracted from internet-downloaded archives, allowing untrusted executables to run without Windows Defender SmartScreen warnings. Attackers can deliver malware via email attachments or malicious downloads that, when extracted using this archiver, bypass Windows security prompts entirely. EPSS exploitation probability is minimal (0.01%) with no active exploitation or public POC identified, suggesting limited real-world targeting despite the 7.3 CVSS score and theoretical RCE capability.

Technical ContextAI

Windows Mark of the Web (MotW) is a security mechanism that appends a 'Zone.Identifier' alternate data stream (ADS) to files downloaded from the internet, triggering SmartScreen warnings when executables or potentially dangerous files are opened. Archive extraction software is responsible for propagating this ADS to extracted contents. B1 Free Archiver v1.5.86 fails to implement this propagation, creating a CWE-290 (Authentication Bypass by Spoofing) condition where files lose their internet origin context. This allows executables extracted from malicious archives to run with the same trust level as locally-created files, effectively bypassing a critical defense-in-depth layer in Windows security architecture. The vulnerability exists in the extraction logic of the archiver software itself, not in specific archive formats.

RemediationAI

No vendor-released patch or fixed version has been identified in available data sources at time of analysis. Organizations using B1 Free Archiver should implement compensating controls: switch to alternative archive extraction tools that properly propagate MotW (Windows built-in extraction, 7-Zip 23.0+, WinRAR 6.0+) for handling internet-sourced archives; if B1 Free Archiver must be used, configure endpoint security solutions to block execution of files from common extraction directories (Downloads, Temp) without administrative approval; deploy application control policies (AppLocker, WDAC) to require code signing or explicit allow-listing for executables, which mitigates MotW bypass but may impact legitimate software installation workflows. Network-level controls such as email attachment filtering to block executable content within archives provide defense-in-depth but cannot prevent browser downloads or USB transfer scenarios. Monitor https://b1.org/ and https://github.com/math69b/B1FREE for vendor updates regarding patched versions.

Share

CVE-2025-50328 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy