CVE-2025-0411

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

46.72%

probability

This CVE has a 46.72% probability of being exploited in the next 30 days.

0% Top 97.7th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-693 · Protection Mechanism Failure

Exploits & PoC

dhmosfunk/7-Zip-CVE-2025-0411-POC

This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass.

154

cesarbtakeda/7-Zip-CVE-2025-0411-POC

PoC CVE-2025-0411 — cesarbtakeda/7-Zip-CVE-2025-0411-POC

iSee857/CVE-2025-0411-PoC

7-Zip Mark-of-the-Web绕过漏洞PoC(CVE-2025-0411)

ishwardeepp/CVE-2025-0411-MoTW-PoC

PoC CVE-2025-0411 — ishwardeepp/CVE-2025-0411-MoTW-PoC

4 repos — triés par ⭐ Rechercher sur GitHub ↗

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

TheHackerNews

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

TheHackerNews

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

TheHackerNews

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

BleepingComputer Feb 04, 2025

Signal Intelligence

Confidenceⓘ

82%

EPSS 46.72%

Mentions 4

Last Seen Feb 04, 2025

CNA Information

Analyst Note

CVE-2025-0411 is a very recent 2025 vulnerability with explicit zero-day exploitation reported against Ukraine by BleepingComputer. The article title directly names it as 'exploited in zero-day attacks,' and the timing (CVE published Jan 25, 2025) aligns with active in-the-wild exploitation. No patch date is documented yet, supporting zero-day classification.