Get the latest tech news
7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine
Vulnerability stripped MotW tag Windows uses to flag Internet-downloaded files.
“The root cause of CVE-2025-0411 is that prior to version 24.09, 7-Zip did not properly propagate MoTW protections to the content of double-encapsulated archives,” wrote Peter Girnus, a researcher at Trend Micro, the security firm that discovered the vulnerability. “This allows threat actors to craft archives containing malicious scripts or executables that will not receive MoTW protections, leaving Windows users vulnerable to attacks.” Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
Or read this on ArsTechnica/cdn.vox-cdn.com/uploads/chorus_asset/file/24854079/1234684574.jpg)
