7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine
Summary
Security researchers have revealed an actively exploited zero-day vulnerability in the 7-Zip archiving utility as part of Russia’s attack on Ukraine.
The vulnerability allowed a Russian cybercriminal group to override a Windows protection function that limited the execution of files downloaded from the internet.
This is known as the Mark of the Web and places a “Zone.Identifier” tag on files that are downloaded online or from a shared network.
The tag subjects files to stricter scrutiny from Windows Defender SmartScreen and restrictions on execution.
The 7-Zip vulnerability removed these protections and worked by embedding an executable file within a zip file that was then placed in another zip file.
While the outer file had the Mark of the Web tag, the inner file did not.
The vulnerability, known as CVE-2025-0411, was fixed in November.
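As an added example (not from the original article or from the 7-Zip project), the PowerShell below audits the failure described above: it reads the Zone.Identifier stream of a downloaded archive and lists any extracted files that did not inherit the tag. The function names and the paths in the final call are hypothetical placeholders.

```powershell
# Added example: check whether Mark of the Web propagated from a downloaded
# archive to the files extracted from it. Function names are hypothetical.

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # Zone.Identifier is an NTFS alternate data stream in INI form:
    #   [ZoneTransfer]
    #   ZoneId=3        (3 = Internet zone, 4 = Restricted sites)
    $lines = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' `
                         -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream or no ZoneId entry: the file is untagged
}

function Test-MotwPropagation {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,
        [Parameter(Mandatory)][string]$ExtractedDir
    )
    $archiveZone = Get-ZoneId -Path $ArchivePath
    if ($null -eq $archiveZone -or $archiveZone -lt 3) {
        Write-Verbose 'Archive carries no Internet-zone tag; nothing to propagate.'
        return
    }
    # Report every extracted file that lacks the tag its parent archive has.
    Get-ChildItem -LiteralPath $ExtractedDir -Recurse -File | ForEach-Object {
        $zone = Get-ZoneId -Path $_.FullName
        [pscustomobject]@{
            File        = $_.FullName
            ArchiveZone = $archiveZone
            FileZone    = $zone
            Untagged    = ($null -eq $zone)
        }
    } | Where-Object Untagged
}

# Constructed placeholder paths; substitute a real download and its output folder.
Test-MotwPropagation -ArchivePath 'C:\Users\analyst\Downloads\sample.zip' `
                     -ExtractedDir 'C:\Users\analyst\Downloads\sample'
```

For a nested archive, run the check once for the outer archive and again with the extracted inner archive as `-ArchivePath`; any rows returned mean the tag was lost at that layer.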