7-Zip users are urged to update to the latest version (24.09) immediately to address a critical security vulnerability (CVE-2025-0411). This flaw allows attackers to bypass the Mark of the Web (MotW) security warnings in Windows, potentially enabling them to execute malicious code on unsuspecting users’ machines.
Introduced in June 2022, MotW flags downloaded files as potentially risky, prompting warnings when users attempt to open or run them. This additional layer of security helps prevent malware infections.
The newly patched vulnerability allowed attackers to exploit nested archives. When extracting malicious files from such archives, 7-Zip failed to propagate the MotW flag to the extracted files, essentially rendering the security warnings useless.
Fortunately, the 7-Zip developer released a fix on November 30th, 2024. However, due to the lack of auto-update functionality, many users might still be running vulnerable versions.
Given the potential severity of this exploit, it’s crucial for all 7-Zip users to update to version 24.09 as soon as possible. This vulnerability is similar to others exploited in the past to deliver malware. Patching promptly is essential to stay protected.