CVE-2025-33027

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Apr 15, 2025

Updated: Apr 25, 2025

CWE ID 829

CWE ID 830

Summary

CVE-2025-33027 is a Mark-of-the-Web Bypass vulnerability affecting Bandisoft Bandizip versions up to 7.37. This issue enables attackers to bypass the Mark-of-the-Web protection mechanism, allowing them to execute arbitrary code in the context of the current user. The vulnerability is triggered when users extract files from a maliciously crafted archive that carries the Mark-of-the-Web. User interaction is necessary for exploitation as the target needs to either visit a malicious webpage or open a malicious file. The flaw resides in Bandizip's handling of archived files, which fails to propagate the Mark-of-the-Web to extracted files, leaving them vulnerable to attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Bandisoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Know What Matters

For Customers

For Partners