7-Zip MotW Bypass Vulnerability - 20250122002¶
Overview¶
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| 7-zip | < 24.09 | CVE-2025-0411 | 7.0 | High |
What has been observed?¶
CISA has added the above item to their Known Exploited Vulnerabilities (KEV) Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):
- 7-Zip Source Forge: https://sourceforge.net/p/sevenzip/discussion/45797/thread/b95432c7ac/
Additional References¶
- Zero Day Initiative: https://www.zerodayinitiative.com/advisories/ZDI-25-045/
- Bleeping Computer: https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/
Change Log¶
- 2025-01-22: Initial publication.
- 2025-02-07: Noted known exploitation in the wild.