CVEs-PoC/2025/CVE-2025-0411.md

CVE-2025-0411

Description

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

POC

Reference

• https://www.vicarius.io/vsociety/posts/cve-2025-0411-7-zip-mitigation-vulnerability
• https://www.vicarius.io/vsociety/posts/cve-2025-0411-detection-7-zip-vulnerability

Github

• https://github.com/ARPSyndicate/cve-scores
• https://github.com/B1ack4sh/Blackash-CVE-2025-0411
• https://github.com/GhostTroops/TOP
• https://github.com/PuddinCat/GithubRepoSpider
• https://github.com/RustMacrosRecoil/7-Zip-CVE-2025-0411-POC
• https://github.com/UndercodeUtilities/accesslist
• https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
• https://github.com/cesarbtakeda/7-Zip-CVE-2025-0411-POC
• https://github.com/defHawk-tech/CVEs
• https://github.com/delivr-to/detections
• https://github.com/dhmosfunk/7-Zip-CVE-2025-0411-POC
• https://github.com/dhmosfunk/dhmosfunk
• https://github.com/dpextreme/7-Zip-CVE-2025-0411-POC
• https://github.com/iSee857/CVE-2025-0411-PoC
• https://github.com/ishwardeepp/CVE-2025-0411-MoTW-PoC
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/packetinside/CISA_BOT
• https://github.com/plzheheplztrying/cve_monitor
• https://github.com/samibutt77/Examining-CVEs-Proof-of-Concepts-and-Snort-Based-Detection
• https://github.com/ums91/CISA_BOT
• https://github.com/zhanpengliu-tencent/medium-cve