PeaZip Mark-of-the-Web Bypass Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A Mark-of-the-Web bypass vulnerability has been identified in PeaZip versions through 10.4.0. It allows attackers to circumvent the Mark-of-the-Web protection mechanism. When PeaZip extracts files from a crafted archive that bears the Mark-of-the-Web, it fails to transfer the mark to the extracted files. As a result, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current user.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 10.0
exploitability: 4.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.