Description
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
Published: 2026-04-29
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

B1 Free Archiver version 1.5.86 fails to propagate the Zone.Identifier alternate data stream that Windows uses to mark files downloaded from the internet. As a result, when a malicious archive is extracted, the contained files are treated as local, run without triggering Windows Defender SmartScreen or other security prompts, and can execute arbitrary code. This flaw is an authorization bypass (CWE-290) that allows untrusted data to be accepted as trusted.

Affected Systems

The vulnerability exists only in B1 Free Archiver 1.5.86 and affects Windows workstations or servers that use the program to extract archives downloaded from external sources. Any user or service that extracts files with this version is susceptible.

Risk and Exploitability

The EPSS score is less than 1 % and the vulnerability is not listed in CISA’s KEV catalog, indicating it has not yet been widely abused. The CVSS score of 7.3 signals high severity. The likely attack vector is local extraction of a malicious archive supplied by an attacker, which can be performed by a user or process with sufficient privileges. Once the files are extracted they execute with the extracting user’s privileges, enabling local code execution.

Generated by OpenCVE AI on May 2, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Manually create or echo the appropriate Zone.Identifier stream on extracted files, for example with PowerShell cmdlets that set the alternate data stream before execution.
  • Replace B1 Free Archiver with another decompression utility or use Windows’ built-in extraction tool, which correctly propagates Zone.Identifier streams.
  • Configure Group Policy or local security settings to treat any file lacking a Zone.Identifier stream as untrusted, forcing Windows Defender SmartScreen or equivalent controls to block execution.
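
One way to carry out the first recommended action, shown as an added example that is not code from OpenCVE or the B1 project: copy the archive's own Zone.Identifier stream onto every extracted file that lacks one. The function name `Copy-ZoneIdentifier` and the paths in the usage comment are hypothetical placeholders.

```powershell
# Added example: re-apply Mark of the Web to files extracted by a tool
# that dropped it. Function name and sample paths are illustrative only.
function Copy-ZoneIdentifier {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ArchivePath,    # the downloaded archive
        [Parameter(Mandatory)][string]$ExtractedRoot   # folder it was extracted to
    )

    # Read the archive's MotW stream. If it is absent, the archive itself
    # was never marked and there is nothing to propagate.
    $zone = Get-Content -LiteralPath $ArchivePath -Stream 'Zone.Identifier' `
                        -ErrorAction SilentlyContinue
    if (-not $zone) {
        Write-Warning "No Zone.Identifier on '$ArchivePath'; nothing to propagate."
        return
    }

    Get-ChildItem -LiteralPath $ExtractedRoot -Recurse -File -Force | ForEach-Object {
        # Leave files alone if they already carry a mark.
        $existing = Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' `
                             -ErrorAction SilentlyContinue
        if ($existing) { return }

        if ($PSCmdlet.ShouldProcess($_.FullName, 'Write Zone.Identifier')) {
            # Write the same stream content (ZoneId, ReferrerUrl, HostUrl lines)
            # that Windows attached to the archive at download time.
            Set-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' -Value $zone
            [pscustomobject]@{ Path = $_.FullName; Marked = $true }
        }
    }
}

# Usage (constructed paths); -WhatIf lists the files without modifying them:
# Copy-ZoneIdentifier -ArchivePath 'C:\Downloads\sample.b1' -ExtractedRoot 'C:\Downloads\sample' -WhatIf
```

Run it before any extracted file is opened; files marked read-only need that attribute cleared first or `Set-Content` will fail on them.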

Advisories

No advisories yet.

History

Sat, 02 May 2026 08:30:00 +0000

Type Values Removed Values Added
Title Bypass of Windows Mark of the Web in B1 Free Archiver enabling untrusted code execution
Weaknesses CWE-284

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-290
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared B1
B1 free Archiver
Vendors & Products B1
B1 free Archiver

Thu, 30 Apr 2026 04:30:00 +0000

Type Values Removed Values Added
Title Bypass of Windows Mark of the Web in B1 Free Archiver enabling untrusted code execution
Weaknesses CWE-284

Wed, 29 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-30T13:20:30.225Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-50328

Vulnrichment

Updated: 2026-04-30T13:20:23.698Z

NVD

Status: Awaiting Analysis

Published: 2026-04-29T21:16:19.600

Modified: 2026-04-30T15:48:26.580

Link: CVE-2025-50328

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T12:45:42Z

Weaknesses