CVE-2025-50328
Published: 29 April 2026
Summary
CVE-2025-50328 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in B1 Free Archiver (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Mark-of-the-Web Bypass (T1553.005). The CVE ranks at the 7.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-16 (Security and Privacy Attributes) and CM-11 (User-installed Software).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-16 requires management and control of security attributes like the Zone.Identifier stream, directly addressing the failure to propagate MotW protections during archive extraction.
SI-2 mandates timely identification, reporting, and remediation of flaws such as CVE-2025-50328 in B1 Free Archiver, preventing exploitation through patches or removal.
CM-11 restricts user installation of unapproved software like vulnerable B1 Free Archiver, blocking deployment of tools that fail to preserve security metadata.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly implements a Mark-of-the-Web bypass by omitting Zone.Identifier ADS propagation on archive extraction.
NVD Description
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
Deeper analysis
CVE-2025-50328 is a vulnerability in B1 Free Archiver version 1.5.86 that enables files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. Specifically, when an archive downloaded from the internet is extracted using this software, B1 Free Archiver fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. This flaw, classified under CWE-290, allows the extracted files to evade Windows Defender SmartScreen warnings and security prompts, permitting untrusted code execution without standard restrictions. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Attackers can exploit this vulnerability remotely over the network with low complexity and no required privileges or user interaction beyond the victim downloading and extracting the archive. An adversary crafts a malicious archive containing executable files, hosts it online, and tricks a user into downloading and extracting it with the affected B1 Free Archiver version. Upon extraction and execution, the files bypass MotW checks, leading to low-level impacts on confidentiality, integrity, and availability through unrestricted execution of potentially malicious code.
Vendor references include the official site at https://b1.org/ and GitHub repository details at https://github.com/math69b/B1FREE/blob/main/B1%20Free%20Archiver%20version, which may provide version information or updates for mitigation. Security practitioners should check these sources for patches or workarounds, as the CVE publication from 2026-04-29 gives no specific details on fixes.
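A defender-side check for the missing propagation described above, as an added example that is not part of the CVE record or the vendor's code: given a downloaded archive and the files an archiver extracted from it, it reports extracted files whose Zone.Identifier stream is absent or less restrictive than the archive's. The function names, file names and sample stream contents are hypothetical; reading the stream by opening `<file>:Zone.Identifier` assumes Windows with NTFS.

```python
import configparser

def read_motw(path):
    """Return the Zone.Identifier stream text of `path`, or None if absent.
    Opening "<file>:Zone.Identifier" only works on Windows/NTFS."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8-sig",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def parse_zone_id(stream_text):
    """Extract ZoneId from the [ZoneTransfer] section; None if missing or malformed.
    Zone values: 0 local, 1 intranet, 2 trusted, 3 internet, 4 restricted."""
    if not stream_text:
        return None
    # interpolation=None: HostUrl/ReferrerUrl values may contain '%'.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(stream_text)
        return int(cp.get("ZoneTransfer", "ZoneId"))
    except (configparser.Error, ValueError):
        return None

def find_unmarked(archive_path, extracted_paths, reader=read_motw):
    """If the archive is marked Internet (3) or Restricted (4), return the
    extracted files that did not inherit a zone at least as restrictive."""
    archive_zone = parse_zone_id(reader(archive_path))
    if archive_zone is None or archive_zone < 3:
        return []  # archive itself carries no web mark; nothing to propagate
    unmarked = []
    for path in extracted_paths:
        zone = parse_zone_id(reader(path))
        if zone is None or zone < archive_zone:
            unmarked.append(path)
    return unmarked

if __name__ == "__main__":
    # Constructed sample streams standing in for NTFS alternate data streams.
    sample = {
        "download.zip": "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/a.zip\n",
        "out\\readme.txt": "[ZoneTransfer]\nZoneId=3\n",
        "out\\setup.exe": None,  # extracted without a Zone.Identifier stream
    }
    print(find_unmarked("download.zip", ["out\\setup.exe", "out\\readme.txt"],
                        reader=sample.get))
```

On a Windows host, calling `find_unmarked` with the default reader against a test archive and its extraction output shows whether the installed archiver preserves the mark.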
Details
- CWE(s)