## https://sploitus.com/exploit?id=D333048A-708E-5738-ACB6-E05DD31B8D5A
# CVE-2025-0411: 7-Zip Mark-of-the-Web (MoTW) Bypass
---
### Overview:
A vulnerability in **7-Zip** allows attackers to **bypass Windows security warnings** by using **double-nested archives** (an archive packed inside another archive). When a user extracts the outer archive, the **Mark-of-the-Web (MoTW)** is not carried over to the files inside the inner archive, so malicious files run without any SmartScreen prompt. This has been **exploited in real-world attacks**.
---
### Technical Details:
* **CVE ID**: CVE-2025-0411
* **Affected Component**: 7-Zip (Windows)
* **Vector**: Local (user must extract the file)
* **Complexity**: High (needs crafting + social engineering)
* **Privileges Needed**: None
* **User Action Required**: Yes
* **Impact**: Security bypass leading to code execution
* **Severity (CVSS 3.1)**: 7.0 (High)
---
### Exploitation in the Wild:
* Used in phishing campaigns targeting Ukraine and Eastern Europe
* Attackers used homoglyph filenames and nested archives to **evade antivirus**
* Delivered malware like **SmokeLoader** silently

---
### Timeline:
| Date | Event Description |
| ------------ | -------------------------------------------------- |
| Sep 2024 | Vulnerability discovered by internal research |
| Oct 15, 2024 | Privately reported to vendor via Bug Bounty |
| Nov 30, 2024 | Patch released in version **v5.8.1** |
| Jan 10, 2025 | Public advisory published by vendor |
| Feb 6, 2025 | Added to **CISA KEV catalog** |
| Mar 1, 2025 | Federal agencies' **patch deadline (BOD 22-01)** |
---
### Mitigation Tips:
1. **Update 7-Zip to v24.09+** immediately
2. Block nested archives in email gateways
3. Train users about suspicious files & homoglyph attacks
4. Enforce SmartScreen + MoTW policies
5. Hunt for unsigned executables in download folders without MoTW
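Tip 2 above (block nested archives at the gateway) can be implemented with a recursive archive walk that flags executables sitting inside an inner archive, which is the shape the MoTW bypass relies on. The following is an added example written for this page, not 7-Zip's code or the advisory's; it only expands zip members (7z/RAR would need an extra library) and the sample archives it scans are constructed in-memory.

```python
import io
import zipfile
# Magic bytes of formats 7-Zip unpacks; any match inside an archive means nesting
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar", b"\x1f\x8b": "gzip"}
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".cmd", ".bat", ".js", ".vbs", ".hta", ".lnk", ".ps1")

def _archive_kind(head: bytes):
    return next((k for m, k in ARCHIVE_MAGIC.items() if head.startswith(m)), None)

def scan_archive(data: bytes, depth: int = 1, path: str = "<root>", max_depth: int = 4):
    """Walk a zip recursively and return (depth, member_path, reason) findings.
    Depth 1 is the archive the user received; anything at depth >= 2 is nested."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(depth, path, "unreadable archive")]
    findings = []
    for info in zf.infolist():
        if info.is_dir():
            continue
        member = f"{path}/{info.filename}"
        kind = _archive_kind(zf.open(info).read(8))
        if kind:
            findings.append((depth + 1, member, f"nested {kind} archive"))
            # Only zip members are expanded here; 7z/rar would need an extra library
            if kind == "zip" and depth < max_depth:
                findings.extend(scan_archive(zf.read(info), depth + 1, member, max_depth))
        elif depth >= 2 and info.filename.lower().endswith(EXEC_SUFFIXES):
            findings.append((depth, member, "executable inside nested archive"))
    return findings

def should_block(data: bytes) -> bool:
    """Gateway decision: block when an executable sits inside a nested archive."""
    return any(r == "executable inside nested archive" for _, _, r in scan_archive(data))

def _zip_of(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

def build_nested_sample() -> bytes:
    """Constructed input (not from any real campaign): outer zip -> inner zip -> executable."""
    inner = _zip_of({"invoice.exe": b"MZ" + b"\x00" * 16, "readme.txt": b"text"})
    return _zip_of({"notes.txt": b"hello", "inner.zip": inner})
def build_flat_sample() -> bytes:
    """Constructed single-level zip with an executable but no nesting (depth 1 only)."""
    return _zip_of({"tool.exe": b"MZ" + b"\x00" * 16})
```

A flat archive with an executable at depth 1 is not blocked, because the MoTW still reaches that file; only the double-nested layout is flagged.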
---
### Final Advice:
This bug turns 7-Zip into a **security bypass tool**. Treat double-nested archives as suspicious, and **don't extract untrusted files** until you're patched. Stay alert, stay patched!
---
### Disclaimer:
This PoC is provided for educational and research purposes only. Running this on any system without permission is illegal and unethical!