Directory Traversal Vulnerability in 7-Zip by the 7-Zip Vendor
CVE-2025-11002
What is CVE-2025-11002?
A vulnerability exists within the handling of symbolic links in ZIP files used by 7-Zip, allowing remote attackers to execute arbitrary code. By crafting specific data within a ZIP file, an attacker can exploit this weakness to cause the application to navigate to unintended directories, potentially executing malicious code under the permissions of a service account. Interaction with the affected product is necessary to activate this exploit, which underscores the importance of proper file handling mechanisms.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
7-Zip 24.09 (x64)
News Articles
CVE-2025-11001 and CVE-2025-11002 Vulnerabilities: Critical Flaws in 7-Zip Enable Remote Code Execution | SOC Prime
Explore CVE-2025-11001 and CVE-2025-11002 overview, critical vulnerabilities in 7-Zip leading to RCE, with details in the SOC Prime blog.
Cyber Security News7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Two high-severity vulnerabilities have been discovered in the popular open-source file archiver, 7-Zip, which could allow remote attackers to execute arbitrary code.
GBHackers News7-Zip Vulnerabilities Allowing Remote Code Execution
Two critical vulnerabilities in 7-Zip’s handling of ZIP archives have emerged, enabling remote attackers to execute arbitrary code.
References
CVSS V3.0
Timeline
Vulnerability published
- đź“°
First article discovered by systemtek.co.uk
Vulnerability Reserved