A recently discovered zero-day vulnerability in the 7-Zip archiving utility has been exploited amid Russia’s ongoing invasion of Ukraine. Researchers revealed that this flaw allowed a Russian cybercrime group to bypass Windows’ Mark of the Web (MotW) protections, which are designed to restrict the execution of files downloaded from the Internet. ⚠️
Tracked as CVE-2025-0411, the vulnerability enabled attackers to embed malicious executables within a double-encapsulated archive. While the outer archive carried the MotW tag, the inner archive did not, leaving Windows users exposed to potential threats.
Trend Micro’s researcher, Peter Girnus, noted that prior to the release of version 24.09 in late November, 7-Zip failed to properly propagate MotW protections, thus creating a security loophole. Users are urged to update their software to mitigate risks!
