PatchSiren cyber security CVE debrief
CVE-2025-0411 7-Zip CVE debrief
CVE-2025-0411 is a 7-Zip Mark of the Web (MOTW) bypass that CISA added to the Known Exploited Vulnerabilities catalog on 2025-02-06. Because CISA has set a mitigation due date of 2025-02-27, organizations should treat affected 7-Zip deployments as an urgent patch and mitigation priority.
- Vendor: 7-Zip
- Product: 7-Zip
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-02-06
- Original CVE updated: 2025-02-06
- Advisory published: 2025-02-06
- Advisory updated: 2025-02-06
Who should care
Windows administrators, endpoint security teams, and organizations that rely on 7-Zip to open downloaded or externally sourced archives should prioritize this issue.
Technical summary
The vulnerability is described as a bypass of Windows Mark of the Web handling in 7-Zip. In practical terms, that can weaken security checks and warning flows that depend on downloaded-file trust metadata, especially in workflows that process untrusted archives.
Defensive priority
Urgent — KEV-listed with a 2025-02-27 due date.
Recommended defensive actions
- Apply the vendor-recommended mitigation or upgrade to a fixed 7-Zip release as soon as it is available.
- Track and meet the CISA KEV due date of 2025-02-27 for all affected systems.
- If mitigation cannot be applied promptly, restrict or discontinue 7-Zip use on systems that handle untrusted archives.
- Review workflows that depend on Windows Mark of the Web warnings or controls and add compensating safeguards where possible.
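As a starting point for the workflow review in the last item, the following PowerShell audit is an added example (not part of the CISA record or any 7-Zip tooling). It finds downloaded archives that carry a Mark of the Web and lists extracted files beneath them that do not. The default `$Root` folder and the convention that an archive is unpacked into a sibling folder named after it are assumptions; adjust both to your environment.

```powershell
param(
    # Assumption: folder where users save and unpack downloads (hypothetical default).
    [string]$Root = (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # MOTW is stored in the NTFS alternate data stream "Zone.Identifier".
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream, or a stream without a ZoneId line
}

$archives = Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.7z', '.zip', '.rar' }

$findings = @(foreach ($archive in $archives) {
    $zone = Get-ZoneId -Path $archive.FullName
    # Only archives marked Internet (3) or Restricted sites (4) are of interest.
    if ($null -eq $zone -or $zone -lt 3) { continue }

    # Assumption: content was unpacked to a sibling folder named after the archive.
    $dest = Join-Path $archive.DirectoryName $archive.BaseName
    if (-not (Test-Path -LiteralPath $dest -PathType Container)) { continue }

    Get-ChildItem -LiteralPath $dest -File -Recurse | ForEach-Object {
        if ($null -eq (Get-ZoneId -Path $_.FullName)) {
            [pscustomobject]@{
                Archive       = $archive.FullName
                ArchiveZoneId = $zone
                UnmarkedFile  = $_.FullName
            }
        }
    }
})

$findings | Sort-Object Archive, UnmarkedFile | Format-Table -AutoSize -Wrap
"{0} extracted file(s) without MOTW under marked archives" -f $findings.Count
```

An unmarked file is a lead for review, not proof of exploitation; the mark is also absent on volumes that do not support alternate data streams.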
Evidence notes
CISA KEV metadata identifies CVE-2025-0411 as a 7-Zip Mark of the Web bypass, added on 2025-02-06 with a due date of 2025-02-27 and guidance to apply vendor mitigations or discontinue use if mitigations are unavailable. The supplied record also points to NVD and the 7-Zip release history as follow-up references.
Official resources
- CVE-2025-0411 CVE record (CVE.org)
- CVE-2025-0411 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
Based on the supplied CISA KEV entry and official vulnerability record links. No exploit code, reproduction steps, or unsupported details included.