A high-severity vulnerability (CVE-2025-0411) in 7-Zip allows attackers to bypass the Mark of the Web (MotW) security feature, enabling code execution when extracting malicious files from nested archives. The flaw prevents MotW flags from being propagated to extracted files, allowing attackers to execute arbitrary code on the user's machine. The vulnerability, patched in 7-Zip version 24.09, requires user interaction, such as visiting a malicious page or opening a file. Users are urged to update to the latest version to mitigate the risk, as previous versions remain vulnerable to exploitation in malware attacks.

‍