CVE-2025-46652

{"id": "CVE-2025-46652", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-04-26T18:15:31.297", "references": [{"url": "https://github.com/EnisAksu/Argonis/blob/main/CVEs/IZArc/IZArc%20Mark-of-the-Web%20Bypass%20Vulnerability.md", "source": "cve@mitre.org"}, {"url": "https://github.com/EnisAksu/Argonis/security/advisories/GHSA-637g-8v47-79mv", "source": "cve@mitre.org"}, {"url": "https://www.izarc.org/news", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-830"}]}], "descriptions": [{"lang": "en", "value": "In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content."}, {"lang": "es", "value": "En IZArc hasta la versi\u00f3n 4.5, existe una vulnerabilidad de omisi\u00f3n de la marca de la web. Cuando un usuario realiza una extracci\u00f3n de un archivo comprimido con la marca de la web, esta no se propaga a los archivos extra\u00eddos."}], "lastModified": "2025-10-24T20:16:19.923", "sourceIdentifier": "cve@mitre.org"}