Intel Name: CVE-2025-0411: Ukrainian organizations targeted in zero-day campaign and homoglyph attacks
Date of Scan: February 5, 2025
Impact: High
Summary: In September 2024, the Threat Hunting team uncovered a 7-Zip zero-day vulnerability (CVE-2025-0411) exploited in a SmokeLoader malware campaign targeting Ukrainian entities. The vulnerability was reported to 7-Zip creator Igor Pavlov, resulting in a patch released in version 24.09 on November 30, 2024. CVE-2025-0411 lets attackers bypass Windows Mark-of-the-Web protections by double-archiving files, which bypasses security checks and enables the execution of malicious content.