CVE-2025-0411
7-Zip Mark of the Web Bypass Vulnerability
CVSS
—
No CVSS
EPSS
67.1%
p99
KEV
YES
Feb 6, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
67.1%EPSS · 30 days67.1%
2026-06-302026-07-16
Product
7-Zip / 7-Zip
Vulnerability
7-Zip Mark of the Web Bypass Vulnerability
Added to KEV
Feb 6, 2025
Remediate by
Feb 27, 2025
Known ransomware use
No
Summary description
7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.7-zip.org/history.txt ; https://nvd.nist.gov/vuln/detail/CVE-2025-0411
No related CVEs by CWE or product.