Security News > 2025 > February > Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

2025-02-04 12:28
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was
News URL
https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html
Related news
- SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN and DPI Bypass Tools (source)
- Broadcom warns of authentication bypass in VMware Windows Tools (source)
- Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-01-25 | CVE-2025-0411 | Unspecified vulnerability in 7-Zip 7-Zip Mark-of-the-Web Bypass Vulnerability. | 7.0 |