A major security flaw has been discovered in WinZip, a popular file compression utility, potentially putting millions of users at risk of malicious code execution. The vulnerability affects WinZip up to version 76.9 (64-bit for Windows) and has not yet been patched.
Overview of CVE-2025-33028
The vulnerability allows attackers to bypass Mark-of-the-Web (MotW), the Windows feature that labels files downloaded from the internet. Because the mark is not carried over to the extracted files, attackers can get Windows to treat potentially malicious files as trusted local files. Security researcher Enis Aksu uncovered the vulnerability, tracked as CVE-2025-33028, and released a proof-of-concept (PoC) on GitHub.
How It Could Be Exploited
When a user downloads an archive from the internet, the archive itself is marked with MotW, but WinZip does not preserve this tag when extracting the contents. As a result, files such as macro-enabled Word documents (.docm) or script files are treated as safe, trusted local items—even though they originated from the internet.
Mitigation
- Avoid opening archives from untrusted sources.
- Use Windows Defender or third-party antivirus tools that can scan archives before extraction.
- Monitor for future updates or advisories from Corel, the parent company of WinZip.
No official fix has been released at the time of writing, and users are advised to exercise caution when extracting downloaded archives using WinZip.
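The following PowerShell script is an added example for defenders and is not code from the article, from the researcher's PoC, or from WinZip. It shows the check a practitioner would run against the behaviour described above: compare the Zone.Identifier alternate data stream (where Windows stores MotW on NTFS) of a downloaded archive with that of every file extracted from it, flag files that lost the mark, and optionally write it back so SmartScreen and Office Protected View treat them as downloaded content again. The function names, the sample paths, and the assumption of Windows PowerShell 5.1 or later on an NTFS volume are mine.

```powershell
# Added example (not from the article, the PoC, or WinZip): detect extracted files
# that lost their Mark-of-the-Web and, on request, re-apply the archive's zone.
# Assumes Windows, an NTFS volume (MotW lives in the Zone.Identifier alternate
# data stream) and PowerShell 5.1 or later. Function names are mine.

function Get-ZoneId {
    # Returns the ZoneId recorded in a file's Zone.Identifier stream, or $null
    # when the stream is absent or carries no ZoneId line.
    param([Parameter(Mandatory)][string] $Path)

    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)\s*$') { return [int] $Matches[1] }
    }
    return $null
}

function Test-ExtractionPreservesMotw {
    # Compares an archive's MotW with that of every file under the extraction
    # folder. A file is flagged when the archive has a zone but the file has none,
    # which is exactly the symptom described for CVE-2025-33028.
    param(
        [Parameter(Mandatory)][string] $ArchivePath,
        [Parameter(Mandatory)][string] $ExtractedPath
    )

    $archiveZone = Get-ZoneId -Path $ArchivePath
    if ($null -eq $archiveZone) {
        Write-Warning "$ArchivePath carries no Zone.Identifier; nothing to propagate."
    }

    Get-ChildItem -LiteralPath $ExtractedPath -File -Recurse | ForEach-Object {
        $fileZone = Get-ZoneId -Path $_.FullName
        [pscustomobject]@{
            File        = $_.FullName
            ArchiveZone = $archiveZone
            FileZone    = $fileZone
            MotwDropped = ($null -ne $archiveZone) -and ($null -eq $fileZone)
        }
    }
}

function Restore-Motw {
    # Writes the archive's ZoneId back onto extracted files that lost it, which is
    # what a well-behaved extractor does on its own. Supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string] $ArchivePath,
        [Parameter(Mandatory)][string] $ExtractedPath
    )

    $dropped = Test-ExtractionPreservesMotw -ArchivePath $ArchivePath -ExtractedPath $ExtractedPath |
        Where-Object MotwDropped

    foreach ($item in $dropped) {
        $target = "Write Zone.Identifier (ZoneId=$($item.ArchiveZone))"
        if ($PSCmdlet.ShouldProcess($item.File, $target)) {
            # Minimal ZoneTransfer section; ZoneId 3 is the Internet zone.
            $ads = "[ZoneTransfer]`r`nZoneId=$($item.ArchiveZone)`r`n"
            Set-Content -LiteralPath $item.File -Stream Zone.Identifier -Value $ads -NoNewline
        }
        $item.File   # emit the path of each file that was (or would be) re-marked
    }
}

# Usage (paths are placeholders for a downloaded archive and its extraction folder):
# Test-ExtractionPreservesMotw -ArchivePath "$env:USERPROFILE\Downloads\sample.zip" `
#                              -ExtractedPath "$env:USERPROFILE\Downloads\sample" |
#     Format-Table File, ArchiveZone, FileZone, MotwDropped
# Restore-Motw -ArchivePath "$env:USERPROFILE\Downloads\sample.zip" `
#              -ExtractedPath "$env:USERPROFILE\Downloads\sample" -WhatIf
```

Running `Test-ExtractionPreservesMotw` on an archive extracted with the affected WinZip build should show `ArchiveZone` populated and `FileZone` empty for the extracted files; the same archive extracted with File Explorer should show both columns populated. Re-marking is a stopgap until Corel ships a fix: it restores Protected View and SmartScreen prompts for the files already on disk, but it does not change WinZip's behaviour for the next archive.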
Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news.
Source: hxxps[://]github[.]com/EnisAksu/Argonis/blob/main/CVEs/CVE-2025-33028%20%28WinZip%29/CVE-2025-33028.md
