CVE-2025-46652

low-risk

Published 2025-04-26

In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.

Do I need to act?

0.19% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

References (3)

https://github.com/EnisAksu/Argonis/blob/main/CVEs/IZArc/IZArc%20Mark-of-the-Web...

https://github.com/EnisAksu/Argonis/security/advisories/GHSA-637g-8v47-79mv

https://www.izarc.org/news

/ 100

low-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal