7-Zip Releases Patch for Critical Security Vulnerability
/ 1 min read
🗄️ 7-Zip addresses critical vulnerability allowing code execution bypassing Windows security. A high-severity flaw, tracked as CVE-2025-0411, in the 7-Zip file archiver enables attackers to circumvent the Mark of the Web (MotW) security feature, potentially executing malicious code on users’ systems when extracting files from nested archives. Although 7-Zip implemented MotW support in June 2022 to warn users about untrusted files, this vulnerability allows the extraction of files without the necessary security flags. The issue was patched in version 24.09 released on November 30, 2024, but many users may still be using vulnerable versions due to the lack of an auto-update feature. Users are urged to update their installations promptly to mitigate the risk of malware attacks exploiting this flaw.
