## https://sploitus.com/exploit?id=D333048A-708E-5738-ACB6-E05DD31B8D5A
# CVE-2025-0411: 7-Zip Mark-of-the-Web (MoTW) Bypass

---

### Overview:

A vulnerability in **7-Zip** allows attackers to **bypass Windows security warnings** by using **double-nested archives**. When a user extracts the archive, the **Mark-of-the-Web (MoTW)** is removed, letting malicious files run without any prompts. This has been **exploited in real-world attacks**.

---

### Technical Details:

* **CVE ID**: CVE-2025-0411
* **Affected Component**: 7-Zip (Windows)
* **Vector**: Local – user must extract the file
* **Complexity**: High (needs crafting + social engineering)
* **Privileges Needed**: None
* **User Action Required**: Yes
* **Impact**: Security bypass ➜ Code execution
* **Severity (CVSS 3.1)**: 7.0 (High)

---

### Exploitation in the Wild:

* Used in phishing campaigns targeting Ukraine and Eastern Europe
* Attackers used homoglyph filenames and nested archives to **evade antivirus**
* Delivered malware like **SmokeLoader** silently


![bug2](https://github.com/user-attachments/assets/5608ec55-449a-4175-95e2-a5da023de6bb)

---

### Timeline:


| Date         | Event Description                               |
| ------------ | ----------------------------------------------- |
| Sep 2024     | Vulnerability discovered by internal research   |
| Oct 15, 2024 | Privately reported to vendor via Bug Bounty     |
| Nov 30, 2024 | Patch released in version **v5.8.1**            |
| Jan 10, 2025 | Public advisory published by vendor             |
| Feb 6, 2025  | Added to **CISA KEV catalog**                   |
| Mar 1, 2025  | Federal agencies' **patch deadline (BOD 22-01)** |

---

### Mitigation Tips:

1. **Update 7-Zip to v24.09+** immediately
2. Block nested archives in email gateways
3. Train users about suspicious files & homoglyph attacks
4. Enforce SmartScreen + MoTW policies
5. Hunt for unsigned executables in download folders without MoTW
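
Tip 2 can be approximated at a mail gateway by inspecting attachment content instead of file extensions. The sketch below is an added example, not code from this repository or from 7-Zip; it assumes ZIP attachments only, and the names `sniff`, `nested_archives` and the sample data are hypothetical.

```python
import io
import zipfile

# Well-known leading signatures of archive formats that 7-Zip can open.
ARCHIVE_MAGIC = {
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"\x1f\x8b": "gzip",
}
MAX_PEEK = 8  # only the first bytes of each member are read

def sniff(header: bytes):
    """Return the archive type matching a member's first bytes, else None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if header.startswith(magic):
            return kind
    return None

def nested_archives(blob: bytes):
    """Return (member_name, finding) pairs for a ZIP attachment given as bytes."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as outer:
            for info in outer.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    hits.append((info.filename, "encrypted"))
                    continue
                with outer.open(info) as member:
                    kind = sniff(member.read(MAX_PEEK))
                if kind:
                    hits.append((info.filename, kind))
    except zipfile.BadZipFile:
        return [("<container>", "unreadable")]
    return hits

def _make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples: one ZIP holding another ZIP, and one flat ZIP.
SAMPLE_NESTED = _make_zip({"a.bin": _make_zip({"r.txt": b"x"}), "n.txt": b"text"})
SAMPLE_FLAT = _make_zip({"n.txt": b"text"})
```

A non-empty result from `nested_archives` is the signal to quarantine or hold the attachment; containers in other formats (7z, RAR) need a parser for that format to enumerate members.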

---

### Final Advice:

This bug turns 7-Zip into a **security bypass tool**. Treat double-nested archives as suspicious, and **don't extract untrusted files** until you're patched. Stay alert, stay patched!

---

### Disclaimer:

This PoC is provided for educational and research purposes only. Running this on any system without permission is illegal and unethical !!!