CVE Tools

CVE-2025-0411

Published: Jan 25, 2025Updated: Oct 27, 2025 Sources: CVE List NVD BDU csafCWE-693

Active Exploitation

Since Feb 6, 2025

Patch Available

Description

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:HAttack Complexity

High

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

CWE-693 NVD-CWE-noinfo

Affected Products

active iq unified manager netapp Hardware Firmware

Mixed

Consumer Software / file-utility

РЕД ОС ООО «Ред Софт»

On-premOS

Operating Systems / linux-distro

7-Zip Павлов Игорь

On-prem

Consumer Software / file-utility

Mixed

Consumer Software / file-utility

netappcommercialUSHardware Firmware

7-ziposs-projectConsumer Softwareaka p7zip

ооо «ред софт»commercialRUOperating Systemsaka red soft

павлов игорьindividual-devConsumer Softwareaka igor pavlov, i. pavlov, 7-zip

Exploitability

CISA Known Exploited Vulnerability

Added to KEV:Feb 6, 2025

Remediation due:Feb 27, 2025

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

Official Patch Available

Workaround Available

References

https://www.zerodayinitiative.com/advisories/ZDI-25-045/

zerodayinitiative.com

http://www.openwall.com/lists/oss-security/2025/01/24/6

https://security.netapp.com/advisory/ntap-20250207-0005/

security.netapp.com

and 22 more references View all →

Timeline

Published

Jan 25, 2025

Added to CISA KEV

Feb 6, 2025

Last Updated

Oct 27, 2025

News mentions

1

Киберугрозы 2025-2026: какие уязвимости были и будут в тренде
ru·Positive Technologies (Хабр)· Summary only·Feb 25, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-0411 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows