POC details: 2f4bee5c5a501f52797ac14bfde2681ee8bba7ac

Source
Related vulnerability
Title: 7-Zip security vulnerability (CVE-2025-0411)
Description: 7-Zip is an open-source compression utility from 7-Zip. Versions of 7-Zip before 24.09 contain a security vulnerability: it stems from a bypass flaw that allows remote attackers to execute arbitrary code in the context of the current user.
Description
CVE-2025-0411
Introduction
# CVE-2025-0411 — 7-Zip Mark-of-the-Web (MoTW) Bypass 🚨

---

### 🔍 Overview:

A vulnerability in **7-Zip** allows attackers to **bypass Windows security warnings** ⚠️ by using **double-nested archives** 📦📦. When a user extracts the archive, the **Mark-of-the-Web (MoTW)** 🚫 is removed, letting malicious files run without any prompts. This has been **exploited in real-world attacks** 🎯.

---

### 📌 Technical Details:

* **🆔 CVE ID**: CVE-2025-0411
* **🧩 Affected Component**: 7-Zip (Windows)
* **📍 Vector**: Local – user must extract the file
* **🧠 Complexity**: High (needs crafting + social engineering)
* **🙅 Privileges Needed**: None
* **👤 User Action Required**: Yes
* **💣 Impact**: Security bypass ➜ Code execution
* **🔥 Severity (CVSS 3.1)**: 7.0 (High 🔴)

---

### 💥 Exploitation in the Wild:

* 🎯 Used in phishing campaigns targeting Ukraine and Eastern Europe
* 💾 Attackers used homoglyph filenames and nested archives to **evade antivirus**
* 🐍 Delivered malware like **SmokeLoader** silently
![bug2](https://github.com/user-attachments/assets/5608ec55-449a-4175-95e2-a5da023de6bb)

---

### 📅 Timeline:
| 📆 Date      | 🗓️ Event Description                              |
| ------------ | -------------------------------------------------- |
| Sep 2024     | Vulnerability discovered by internal research 🔍  |
| Oct 15, 2024 | Privately reported to vendor via Bug Bounty 💰     |
| Nov 30, 2024 | Patch released in version **v5.8.1** 🛡️           |
| Jan 10, 2025 | Public advisory published by vendor 📢            |
| Feb 6, 2025  | Added to **CISA KEV catalog** 🚨                   |
| Mar 1, 2025  | Federal agencies' **patch deadline (BOD 22-01)** ⏰ |

---

### ✅ Mitigation Tips:

1. 🆙 **Update 7-Zip to v24.09+** immediately
2. 📧 Block nested archives in email gateways
3. 🧠 Train users about suspicious files & homoglyph attacks
4. 🖥️ Enforce SmartScreen + MoTW policies
5. 🕵️‍♂️ Hunt for unsigned executables in download folders without MoTW
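As an added illustration of mitigation tips 2 and 3 above (this is example code, not the PoC repository's own), the check below walks a zip recursively, reports nesting depth, executable members, nested 7z/rar containers and mixed-script (homoglyph) file names, and builds a constructed double-nested sample to exercise itself. The "block at depth 2" rule, the extension list and the sample names are assumptions.

```python
import io
import unicodedata
import zipfile

# Signatures: zip is parsed with the stdlib; 7z/rar are reported as nested but
# not descended into. Constructed example, not the PoC repository's code.
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!\x1a\x07": "rar"}
EXEC_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk", ".ps1")

def archive_kind(data):
    return next((k for m, k in ARCHIVE_MAGICS.items() if data.startswith(m)), None)

def mixed_script(name):
    """True when Latin letters are mixed with another script (homoglyph hint)."""
    scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in name if c.isalpha()}
    return "LATIN" in scripts and len(scripts) > 1

def inspect(data, depth=1, prefix="", findings=None):
    """Walk a zip recursively; return (max_depth, [(member_path, reason), ...])."""
    findings = [] if findings is None else findings
    max_depth = depth
    if archive_kind(data) != "zip" or depth > 4:  # depth cap against zip bombs
        return max_depth, findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if mixed_script(info.filename):
                findings.append((path, "mixed-script filename"))
            if info.filename.lower().endswith(EXEC_EXTS):
                findings.append((path, "executable at depth %d" % depth))
            member = zf.read(info)
            kind = archive_kind(member)
            if kind == "zip":
                max_depth = max(max_depth, inspect(member, depth + 1, path + "/", findings)[0])
            elif kind:
                findings.append((path, "nested %s archive (not parsed)" % kind))
                max_depth = max(max_depth, depth + 1)
    return max_depth, findings

def should_block(data):
    """Gateway rule from the advisory: reject any archive nested two or more deep."""
    return inspect(data)[0] >= 2

def build_sample():
    """Constructed double-nested zip: outer -> inner -> executable payload."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Invoice.pdf.exe", b"MZ constructed stub, not a real binary")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("D\u043e\u0441ument.zip", inner.getvalue())  # Cyrillic o and c
    return outer.getvalue()
```

Running `inspect(build_sample())` returns depth 2 plus a mixed-script finding for the outer member and an executable finding inside the inner archive, so `should_block` rejects it.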

---

### ⚠️ Final Advice:

This bug turns 7-Zip into a **security bypass tool** 🎭. Treat double-nested archives as suspicious, and **don’t extract untrusted files** until you're patched. Stay alert, stay patched! 🚫🦠

---

### ⚠️ Disclaimer:

This PoC is provided for educational and research purposes only. Running this on any system without permission is illegal and unethical!!!

File snapshot

```
[4.0K] /data/pocs/2f4bee5c5a501f52797ac14bfde2681ee8bba7ac
├── [ 652] CVE-2025-0411.cpp
└── [2.4K] README.md

0 directories, 2 files
```