CVE-2025-0411
Publication date 25 January 2025
Last updated 14 February 2025
Ubuntu priority
Cvss 3 Severity Score
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Read the notes from the security team
Why is this CVE high priority?
This CVE is in the CISA KEV list
Status
Package | Ubuntu Release | Status |
---|---|---|
7zip | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
p7zip | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
Notes
mdeslaur
This flaw is only in the Windows-specific Mark-of-the-Web code, as such neither 7zip or p7zip on Ubuntu is affected by this issue.
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Local |
Attack complexity | High |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |