Vulnerability Details CVE-2025-33027
In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Bandizip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, Bandizip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: this is disputed because Mark-of-the-Web propagation can increase risk via security-warning habituation, and because the intended control sphere for file-origin metadata (e.g., HostUrl in Zone.Identifier) may be narrower than that for reading the file's content.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.5%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2025-33027
- cpe:2.3:a:bandisoft:bandizip:-
- cpe:2.3:a:bandisoft:bandizip:0.0.1
- cpe:2.3:a:bandisoft:bandizip:0.2.0
- cpe:2.3:a:bandisoft:bandizip:1.0.1
- cpe:2.3:a:bandisoft:bandizip:1.0.2
- cpe:2.3:a:bandisoft:bandizip:1.0.3
- cpe:2.3:a:bandisoft:bandizip:1.0.4
- cpe:2.3:a:bandisoft:bandizip:2.01
- cpe:2.3:a:bandisoft:bandizip:2.03
- cpe:2.3:a:bandisoft:bandizip:2.05
- cpe:2.3:a:bandisoft:bandizip:2.07
- cpe:2.3:a:bandisoft:bandizip:2.08
- cpe:2.3:a:bandisoft:bandizip:2.09
- cpe:2.3:a:bandisoft:bandizip:3.00
- cpe:2.3:a:bandisoft:bandizip:3.01
- cpe:2.3:a:bandisoft:bandizip:3.02
- cpe:2.3:a:bandisoft:bandizip:3.03
- cpe:2.3:a:bandisoft:bandizip:3.04
- cpe:2.3:a:bandisoft:bandizip:3.05
- cpe:2.3:a:bandisoft:bandizip:3.06
- cpe:2.3:a:bandisoft:bandizip:3.07
- cpe:2.3:a:bandisoft:bandizip:3.08
- cpe:2.3:a:bandisoft:bandizip:3.09
- cpe:2.3:a:bandisoft:bandizip:3.10
- cpe:2.3:a:bandisoft:bandizip:3.11
- cpe:2.3:a:bandisoft:bandizip:5.00
- cpe:2.3:a:bandisoft:bandizip:5.01
- cpe:2.3:a:bandisoft:bandizip:5.02
- cpe:2.3:a:bandisoft:bandizip:5.03
- cpe:2.3:a:bandisoft:bandizip:5.04
- cpe:2.3:a:bandisoft:bandizip:5.05
- cpe:2.3:a:bandisoft:bandizip:5.06
- cpe:2.3:a:bandisoft:bandizip:5.07
- cpe:2.3:a:bandisoft:bandizip:5.09
- cpe:2.3:a:bandisoft:bandizip:5.10
- cpe:2.3:a:bandisoft:bandizip:5.11
- cpe:2.3:a:bandisoft:bandizip:5.12
- cpe:2.3:a:bandisoft:bandizip:5.13
- cpe:2.3:a:bandisoft:bandizip:5.14
- cpe:2.3:a:bandisoft:bandizip:5.15
- cpe:2.3:a:bandisoft:bandizip:5.16
- cpe:2.3:a:bandisoft:bandizip:5.17
- cpe:2.3:a:bandisoft:bandizip:6.0
- cpe:2.3:a:bandisoft:bandizip:6.01
- cpe:2.3:a:bandisoft:bandizip:6.02
- cpe:2.3:a:bandisoft:bandizip:6.03
- cpe:2.3:a:bandisoft:bandizip:6.04
- cpe:2.3:a:bandisoft:bandizip:6.05
- cpe:2.3:a:bandisoft:bandizip:6.06
- cpe:2.3:a:bandisoft:bandizip:6.07
- cpe:2.3:a:bandisoft:bandizip:6.08
- cpe:2.3:a:bandisoft:bandizip:6.09
- cpe:2.3:a:bandisoft:bandizip:6.10
- cpe:2.3:a:bandisoft:bandizip:6.11
- cpe:2.3:a:bandisoft:bandizip:6.12
- cpe:2.3:a:bandisoft:bandizip:6.13
- cpe:2.3:a:bandisoft:bandizip:6.14
- cpe:2.3:a:bandisoft:bandizip:6.15
- cpe:2.3:a:bandisoft:bandizip:6.16
- cpe:2.3:a:bandisoft:bandizip:6.17
- cpe:2.3:a:bandisoft:bandizip:6.18
- cpe:2.3:a:bandisoft:bandizip:6.19
- cpe:2.3:a:bandisoft:bandizip:6.20
- cpe:2.3:a:bandisoft:bandizip:6.21
- cpe:2.3:a:bandisoft:bandizip:6.22
- cpe:2.3:a:bandisoft:bandizip:6.23
- cpe:2.3:a:bandisoft:bandizip:6.24
- cpe:2.3:a:bandisoft:bandizip:6.25
- cpe:2.3:a:bandisoft:bandizip:6.26
- cpe:2.3:a:bandisoft:bandizip:7.0
- cpe:2.3:a:bandisoft:bandizip:7.01
- cpe:2.3:a:bandisoft:bandizip:7.02
- cpe:2.3:a:bandisoft:bandizip:7.03
- cpe:2.3:a:bandisoft:bandizip:7.04
- cpe:2.3:a:bandisoft:bandizip:7.06
- cpe:2.3:a:bandisoft:bandizip:7.07
- cpe:2.3:a:bandisoft:bandizip:7.08
- cpe:2.3:a:bandisoft:bandizip:7.09
- cpe:2.3:a:bandisoft:bandizip:7.10
- cpe:2.3:a:bandisoft:bandizip:7.11
- cpe:2.3:a:bandisoft:bandizip:7.12
- cpe:2.3:a:bandisoft:bandizip:7.13
- cpe:2.3:a:bandisoft:bandizip:7.14
- cpe:2.3:a:bandisoft:bandizip:7.15
- cpe:2.3:a:bandisoft:bandizip:7.16
- cpe:2.3:a:bandisoft:bandizip:7.17
- cpe:2.3:a:bandisoft:bandizip:7.19
- cpe:2.3:a:bandisoft:bandizip:7.20
- cpe:2.3:a:bandisoft:bandizip:7.21
- cpe:2.3:a:bandisoft:bandizip:7.22
- cpe:2.3:a:bandisoft:bandizip:7.23
- cpe:2.3:a:bandisoft:bandizip:7.24
- cpe:2.3:a:bandisoft:bandizip:7.25
- cpe:2.3:a:bandisoft:bandizip:7.26
- cpe:2.3:a:bandisoft:bandizip:7.27
- cpe:2.3:a:bandisoft:bandizip:7.29
- cpe:2.3:a:bandisoft:bandizip:7.30
- cpe:2.3:a:bandisoft:bandizip:7.31
- cpe:2.3:a:bandisoft:bandizip:7.32
- cpe:2.3:a:bandisoft:bandizip:7.33
- cpe:2.3:a:bandisoft:bandizip:7.35
- cpe:2.3:a:bandisoft:bandizip:7.36
- cpe:2.3:a:bandisoft:bandizip:7.37