The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited Vulnerabilities (KEV) Catalog.
The vulnerability, identified as CVE-2025-0411, highlights a severe flaw that allows attackers to bypass the Mark-of-the-Web (MotW) security feature and execute arbitrary code on targeted systems.
The flaw in question is a protection mechanism failure that compromises 7-Zip’s ability to enforce the Mark-of-the-Web security feature.
MotW is a key defense mechanism in Windows that flags files downloaded from untrusted sources, restricting potentially harmful actions.
CVE-2025-0411 exploits this weakness, enabling remote attackers to bypass these safeguards. Once exploited, the attacker can execute arbitrary code within the context of the current user, potentially leading to data theft, system compromise, and other malicious activities.
The vulnerability has been categorized under Common Weakness Enumeration (CWE) 693, which is specific to protection mechanism failures.
While there is no confirmation yet that the flaw has been utilized in ransomware campaigns, experts are urging organizations to take the threat seriously.
CISA has included CVE-2025-0411 in its KEV catalog to raise awareness and prompt action among organizations.
The KEV catalog considered an authoritative source for vulnerabilities being actively exploited in the wild, serves as a critical tool for vulnerability management prioritization. Organizations are strongly advised to:
CISA has set a remediation deadline of February 27, 2025, for federal agencies to address this vulnerability and ensure impacted systems are secured.
The inclusion of the 7-Zip vulnerability in the KEV catalog underscores the increasing sophistication of attack vectors targeting widely used software.
Security experts warn that this vulnerability could easily become a favorite among threat actors due to 7-Zip’s widespread adoption across industries.
As more vulnerabilities are exploited, CISA’s KEV catalog remains a crucial resource for cybersecurity professionals to stay informed and act quickly against emerging threats.
Organizations are encouraged to integrate the catalog into their vulnerability management frameworks to enhance their defenses.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…