PatchSiren

7-Zip CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM 7-Zip CVE published 2025-07-17

CVE-2025-53816

CVE-2025-53816 is a memory-corruption flaw in 7-Zip's RAR5 handler. According to the CVE record, versions prior to 25.0.0 can write zeroes outside a heap buffer, which may result in denial of service and other memory-corruption effects. Version 25.0.0 is identified as the fix.

Known exploited 7-Zip CVE published 2025-02-06

CVE-2025-0411

CVE-2025-0411 is a 7-Zip Mark of the Web (MOTW) bypass that CISA added to the Known Exploited Vulnerabilities catalog on 2025-02-06. Because CISA has set a mitigation due date of 2025-02-27, organizations should treat affected 7-Zip deployments as an urgent patch and mitigation priority.