CVE-2025-46652

In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/EnisAksu/Argonis/blob/main/CVEs/IZArc/IZArc%20Mark-of-the-Web%20Bypass%20Vulnerability.md
https://github.com/EnisAksu/Argonis/security/advisories/GHSA-637g-8v47-79mv
https://www.izarc.org/news

Configurations

No configuration.

History

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) En IZArc hasta la versión 4.5, existe una vulnerabilidad de omisión de la marca de la web. Cuando un usuario realiza una extracción de un archivo comprimido con la marca de la web, esta no se propaga a los archivos extraídos.

26 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-26 18:15

Updated : 2025-04-29 13:52

NVD link : CVE-2025-46652

Mitre link : CVE-2025-46652

CVE.ORG link : CVE-2025-46652

JSON object : View

Products Affected

No product.

CWE

CWE-830

Inclusion of Web Functionality from an Untrusted Source

6.1 /10