When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
A high-severity vulnerability was recently discovered, and patched, in the popular open source file archiver solution 7-Zip.
The vulnerability in question is tracked as CVE-2025-0411.
It was given a severity score of 7/10 - high.
This helps prevent malicious scripts or executables from running automatically, prompting users to confirm before opening such files.
Patching the flaw
7-Zip added support for MotW in June 2022, in version 22.00.
However, the feature was improperly implemented, and could be bypassed.
“The specific flaw exists within the handling of archived files.
An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.”
The bug has since been mitigated, with a version 24.09 being released in late November 2024.
