CVE-2025-33028

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-33028

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-33028.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-33028

Published

2025-04-15T18:15:53Z

Modified

2025-05-17T07:48:35Z

Summary

[none]

Details

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, WinZip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.

References

Affected packages

Git / github.com/enisaksu/argonis

Affected ranges

Type: GIT
Repo: https://github.com/enisaksu/argonis
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5e1ff4e5f4fdb3f32aab465f7b429e0b91299d1d