CVE-2025-33028: 
WinZip vulnerability analysis and mitigation

A Mark-of-the-Web (MotW) Bypass Vulnerability has been discovered in WinZip through version 29.0, tracked as CVE-2025-33028. This vulnerability is an incomplete fix for CVE-2024-8811 and allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. The vulnerability was disclosed on April 15, 2025, affecting all WinZip installations up to version 29.0 (NVD, Security Online).

The vulnerability exists within the handling of archived files where WinZip fails to propagate the Mark-of-the-Web protection to extracted files when opening an archive that has been downloaded from the internet. The CVSS v3.1 Base Score is 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (NVD).

The vulnerability's impact is significant as it allows attackers to execute arbitrary code in the context of the current user. When extracting files from a crafted archive that bears the Mark-of-the-Web, WinZip does not maintain the security tag, allowing potentially malicious files to be treated as trusted local files. This can lead to execution of malicious macros or scripts without triggering security warnings (Security Online).

As of the vulnerability disclosure, no official fix has been released by WinZip Computing. Users are advised to avoid opening untrusted archives with WinZip, use alternative archive tools that properly honor MotW protection, and deploy endpoint protection capable of detecting malicious macro execution (Security Online).