216.73.216.86

CVE-2025-33026

· Published 15/04/2025 18:15 · Modified 15/04/2025 18:39

Labels: CVE-2025-33026 2025-04-15CVE-2025-33026CWE-830[email protected]

Essential information

Published
15/04/2025 18:15
Modified
15/04/2025 18:39
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of PeaZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, PeaZip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
peazip / peazip cpe:2.3:a:peazip:peazip:10.4.0:*:*:*:*:*:*:*

References