Medium severity6.1NVD Advisory· Published Apr 26, 2025· Updated Apr 15, 2026

CVE-2025-46652

Description

In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/EnisAksu/Argonis/blob/main/CVEs/IZArc/IZArc%20Mark-of-the-Web%20Bypass%20Vulnerability.mdnvd
github.com/EnisAksu/Argonis/security/advisories/GHSA-637g-8v47-79mvnvd
www.izarc.org/newsnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000