{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"unimportant\"}"}}}], "affected": [{"vendor": "debian", "product": "p7zip", "platforms": ["bookworm", "bullseye", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "7zip", "platforms": ["bookworm", "forky", "sid", "trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2025-0411"}], "descriptions": [{"lang": "en", "value": "7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.  The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-01-25T04:28:24.270Z", "x_subShortName": "debian"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "p7zip", "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles-ltss:15:sp1", "cpe:/o:suse:sles-ltss:15:sp2", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15", "cpe:/o:suse:sles:15:sp1", "cpe:/o:suse:sles:15:sp2", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_sap:15:sp6"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "p7zip-full", "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sles-ltss:15:sp2", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp2", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_sap:15:sp6"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1236152"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0411", "name": "Mitre CVE-2025-0411"}, {"url": "https://www.suse.com/security/cve/CVE-2025-0411", "name": "SUSE CVE-2025-0411"}], "descriptions": [{"lang": "en", "value": "\n    7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-02-12T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "p7zip", "platforms": ["cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles_sap:15:sp6"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "p7zip-full", "platforms": ["cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles_sap:15:sp6"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1236152"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0411", "name": "Mitre CVE-2025-0411"}, {"url": "https://www.suse.com/security/cve/CVE-2025-0411", "name": "SUSE CVE-2025-0411"}], "descriptions": [{"lang": "en", "value": "\n    7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-02-12T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "p7zip", "platforms": ["cpe:/o:suse:sles:12:sp2", "cpe:/o:suse:sles:12:sp4", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1236152"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0411", "name": "Mitre CVE-2025-0411"}, {"url": "https://www.suse.com/security/cve/CVE-2025-0411", "name": "SUSE CVE-2025-0411"}], "descriptions": [{"lang": "en", "value": "\n    7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-02-12T00:00:00Z", "x_subShortName": "suse_server_12"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*"], "vendor": "7-zip", "product": "7-zip", "versions": [{"status": "affected", "version": "0", "lessThan": "24.09", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*"], "vendor": "netapp", "product": "active_iq_unified_manager", "platforms": ["cpe:2.3:o:microsoft:*:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/01/24/6", "tags": ["mailing-list"]}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-0411-7-zip-mitigation-vulnerability", "tags": ["mitigation"]}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-0411-detection-7-zip-vulnerability", "tags": ["mitigation"]}, {"url": "https://security.netapp.com/advisory/ntap-20250207-0005/", "tags": ["third-party-advisory"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-045/", "tags": ["third-party-advisory", "vdb-entry"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0411", "tags": ["x_us-government-resource"]}], "descriptions": [{"lang": "en", "value": "7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456."}, {"lang": "es", "value": "Vulnerabilidad de omisión de 7-Zip Mark-of-the-Web. Esta vulnerabilidad permite a atacantes remotos omitir el mecanismo de protección de la marca de la Web en las instalaciones afectadas de 7-Zip. Se requiere la interacción del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una página maliciosa o abrir un archivo malicioso. La falla específica existe en el manejo de archivos comprimidos. Al extraer archivos de un archivo comprimido manipulado que lleva la marca de la Web, 7-Zip no propaga la marca de la Web a los archivos extraídos. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código arbitrario en el contexto del usuario actual. Era ZDI-CAN-25456."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-693", "description": "CWE-693"}, {"lang": "en", "description": "NVD-CWE-noinfo"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2025-01-25T05:15:09Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-0411", "state": "PUBLISHED", "dateUpdated": "2025-10-27T17:05:15Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-01-25T05:15:09Z", "assignerShortName": "zdi"}, "dataVersion": "5.0"}