Cyber Security News

7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited Vulnerabilities (KEV) Catalog.

The vulnerability, identified as CVE-2025-0411, highlights a severe flaw that allows attackers to bypass the Mark-of-the-Web (MotW) security feature and execute arbitrary code on targeted systems.

Details of the 7-Zip Vulnerability

The flaw in question is a protection mechanism failure that compromises 7-Zip’s ability to enforce the Mark-of-the-Web security feature.

MotW is a key defense mechanism in Windows that flags files downloaded from untrusted sources, restricting potentially harmful actions.

CVE-2025-0411 exploits this weakness, enabling remote attackers to bypass these safeguards. Once exploited, the attacker can execute arbitrary code within the context of the current user, potentially leading to data theft, system compromise, and other malicious activities.

The vulnerability has been categorized under Common Weakness Enumeration (CWE) 693, which is specific to protection mechanism failures.

While there is no confirmation yet that the flaw has been utilized in ransomware campaigns, experts are urging organizations to take the threat seriously.

CISA’s Action Plan and Recommendations

CISA has included CVE-2025-0411 in its KEV catalog to raise awareness and prompt action among organizations.

The KEV catalog considered an authoritative source for vulnerabilities being actively exploited in the wild, serves as a critical tool for vulnerability management prioritization. Organizations are strongly advised to:

  1. Apply Mitigations: Follow instructions provided by the vendor to implement recommended patches or mitigations. At the time of reporting, users are awaiting an official fix from the 7-Zip development team.
  2. Discontinue Use: If mitigations are unavailable or patching is not immediately possible, organizations should discontinue using 7-Zip to eliminate the risk.

CISA has set a remediation deadline of February 27, 2025, for federal agencies to address this vulnerability and ensure impacted systems are secured.

The inclusion of the 7-Zip vulnerability in the KEV catalog underscores the increasing sophistication of attack vectors targeting widely used software.

Security experts warn that this vulnerability could easily become a favorite among threat actors due to 7-Zip’s widespread adoption across industries.

As more vulnerabilities are exploited, CISA’s KEV catalog remains a crucial resource for cybersecurity professionals to stay informed and act quickly against emerging threats.

Organizations are encouraged to integrate the catalog into their vulnerability management frameworks to enhance their defenses. 

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

14 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

14 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

15 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

16 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

16 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

17 hours ago