Description
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
Published: 2026-04-29
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

B1 Free Archiver v1.5.86 fails to propagate the Zone.Identifier alternate data stream to files extracted from an archive. This bypasses the Windows Mark of the Web, allowing files to run without triggering Windows Defender SmartScreen or other security prompts. An attacker could deliver a malicious archive, have it extracted on a target machine, and the resulting executables would execute with the user’s privileges, enabling arbitrary code execution and compromising confidentiality, integrity, and availability.

Affected Systems

The flaw is present only in B1 Free Archiver version 1.5.86. It affects Windows operating systems that use this archiver to extract downloaded archives. Systems that rely on B1 Free Archiver for file extraction are at risk.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting that it has not yet been widely exploited. However, the flaw permits arbitrary local code execution if an attacker can provide a malicious archive and the target user extracts it. The attack vector is likely the local extraction of an untrusted archive, which bypasses the Windows security model because the software does not apply the Zone.Identifier stream. Defensive controls such as Windows Defender SmartScreen and mandatory Zone.Identifier settings could mitigate the risk, but their effectiveness is diminished when the archiver does not set the proper alternate data stream.

Generated by OpenCVE AI on April 30, 2026 at 04:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update B1 Free Archiver to a version that correctly applies the Zone.Identifier stream to extracted files, if one is available.
  • Use a different archiving tool that respects the Windows Mark of the Web or the built‑in Windows extraction facilities.
  • Configure Group Policy or system settings to enforce the Mark of the Web on any file lacking a Zone.Identifier stream, ensuring that such files are treated as unsafe.
  • Manually apply a Zone.Identifier stream to extracted files using PowerShell, cmd, or a third‑party utility, especially if the archive comes from an untrusted source.
  • Maintain up‑to‑date endpoint protection that blocks execution of files without proper Zone.Identifier metadata (e.g., Windows Defender SmartScreen or an equivalent control).
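
The manual tagging step in the list above, as an added PowerShell example that is not code from OpenCVE or the vendor: it lists extracted files that have no Zone.Identifier stream and writes one marking them as Internet zone (ZoneId=3). The function names and the extraction path are hypothetical; it assumes an NTFS volume and PowerShell 3.0 or later.

```powershell
# Added example. Get-UnmarkedFile / Add-MarkOfTheWeb are hypothetical helper names.
function Get-UnmarkedFile {
    param([Parameter(Mandatory)][string]$Path)
    # A file is "unmarked" when it carries no Zone.Identifier alternate data stream.
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force | Where-Object {
        -not (Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue)
    }
}

function Add-MarkOfTheWeb {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][System.IO.FileInfo]$File,
        [ValidateRange(0, 4)][int]$ZoneId = 3   # 3 = Internet zone
    )
    process {
        if (-not $PSCmdlet.ShouldProcess($File.FullName, "Write Zone.Identifier (ZoneId=$ZoneId)")) { return }
        # Read-only files reject stream writes; lift the attribute and restore it afterwards.
        $wasReadOnly = $File.IsReadOnly
        if ($wasReadOnly) { $File.IsReadOnly = $false }
        try {
            Set-Content -LiteralPath $File.FullName -Stream 'Zone.Identifier' `
                -Value @('[ZoneTransfer]', "ZoneId=$ZoneId")
        } finally {
            if ($wasReadOnly) { $File.IsReadOnly = $true }
        }
    }
}

$ExtractRoot = 'C:\Users\Public\Extracted'   # placeholder path, adjust to the extraction folder
if (Test-Path -LiteralPath $ExtractRoot) {
    $unmarked = @(Get-UnmarkedFile -Path $ExtractRoot)
    $unmarked | Select-Object FullName, Length   # review what would be tagged
    $unmarked | Add-MarkOfTheWeb -WhatIf         # remove -WhatIf to write the streams
}
```

Tagging after the fact only helps if it happens before anything in the folder is opened, so run it immediately after extraction.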

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | B1; B1 free Archiver
Vendors & Products | | B1; B1 free Archiver

Thu, 30 Apr 2026 04:30:00 +0000

Type | Values Removed | Values Added
Title | | Bypass of Windows Mark of the Web in B1 Free Archiver enabling untrusted code execution
Weaknesses | | CWE-284

Wed, 29 Apr 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-29T20:02:30.158Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50328

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-29T21:16:19.600

Modified: 2026-04-29T21:16:19.600

Link: CVE-2025-50328

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:21:32Z

Weaknesses