![About Remote Code Execution - 7-Zip (CVE-2025-0411) vulnerability](https://avleonov.com/wp-content/uploads/2025/02/photo_792@28-01-2025_15-22-28.jpg)
About Remote Code Execution – 7-Zip (CVE-2025-0411) vulnerability. 7-Zip is a popular, free, open-source archiver widely used by organizations as a standard tool for managing archives.
The vulnerability is a bypass of the Mark-of-the-Web mechanism.
🔹 If you download and run a suspicious executable file on Windows, Microsoft Defender’s SmartScreen will block it from executing because it comes from an untrusted source.
🔹 However, if you download a 7z archive containing another 7z archive with malware, you can execute the file with just three double-clicks, and SmartScreen won’t trigger. 🤷‍♂️ This happens because 7-Zip versions prior to 24.09, released on November 30, 2024, failed to properly apply the Mark-of-the-Web label to extracted files. An exploit example is available on GitHub.
No signs of exploitation in the wild yet, but they are likely to emerge, as this is an easy way to increase the success rate of phishing attacks. Update 7-Zip!
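
A defender-side check for the condition described above, as an added example that is not part of the original post: it flags files extracted from an Internet-marked archive that did not inherit the mark. It assumes the Mark-of-the-Web is stored in the NTFS `Zone.Identifier` alternate data stream with `ZoneId` 3 or higher meaning untrusted; the function names and sample values are hypothetical.

```python
import configparser
import os

INTERNET_ZONE = 3  # ZoneId 3 = Internet, 4 = Restricted sites

# Constructed sample streams (not taken from a real download).
SAMPLE_ARCHIVE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/outer.7z\r\n"
SAMPLE_EXTRACTED = {
    "inner.7z": "[ZoneTransfer]\r\nZoneId=3\r\n",  # mark propagated
    "inner/tool.exe": None,                        # no stream: mark was lost
}

def parse_zone_id(stream_text):
    """Return ZoneId from Zone.Identifier stream text, or None if absent/invalid."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_zone_stream(path):
    """Read a file's Zone.Identifier alternate data stream (NTFS on Windows)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream, or a filesystem without ADS support

def unmarked_files(archive_stream, extracted_streams):
    """Names of extracted files that did not inherit an untrusted archive's mark."""
    zone = parse_zone_id(archive_stream)
    if zone is None or zone < INTERNET_ZONE:
        return []  # archive itself is not marked as coming from the Internet
    return sorted(name for name, text in extracted_streams.items()
                  if (parse_zone_id(text) or 0) < INTERNET_ZONE)

def audit(archive_path, extract_dir):
    """Compare a downloaded archive's mark with every file extracted from it."""
    streams = {}
    for root, _dirs, files in os.walk(extract_dir):
        for name in files:
            full = os.path.join(root, name)
            streams[full] = read_zone_stream(full)
    return unmarked_files(read_zone_stream(archive_path), streams)
```

On a Windows host, `audit(archive_path, extract_dir)` returns the extracted paths that SmartScreen would no longer treat as downloaded from the Internet.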