- A critical vulnerability, CVE-2025-11001, affecting 7-Zip has been actively exploited since its public disclosure.
- The flaw allows remote code execution via crafted ZIP files manipulating symbolic links, causing directory traversal.
- 7-Zip version 25.00, released in July 2025, contains fixes for this and another similar vulnerability, CVE-2025-11002.
- The vulnerability can only be exploited on Windows systems with elevated privileges or developer mode enabled.
- A public proof-of-concept exploit is available, increasing urgency for users to update software promptly.
A recent security vulnerability in 7-Zip, identified as CVE-2025-11001, has been confirmed to be actively exploited in the wild, according to an advisory released by the United Kingdom‘s NHS England Digital on November 18, 2025. The issue allows remote attackers to execute arbitrary code by exploiting how the software handles symbolic links in ZIP archives, leading to directory traversal and unintended code execution. This flaw holds a CVSS severity score of 7.0.
The vulnerability was addressed in the July 2025 release of 7-Zip 25.00. This version also fixes a related security issue, CVE-2025-11002, which similarly permits remote code execution through improper handling of symbolic links introduced in version 21.02. Both vulnerabilities enable attackers to perform actions with the privileges of a service or elevated account.
According to Trend Micro’s Zero Day Initiative (ZDI), the exploit arises when specially crafted ZIP data causes the program to access files outside intended directories. The flaw could allow code execution within the context of a service account. The discovery and reporting of the vulnerability have been credited to Ryota Shiga of GMO Flatt Security Inc. and the company’s AI-based AppSec Auditor, Takumi.
Investigations confirm active exploitation of CVE-2025-11001, but details on the attackers, methods, or affected targets have yet to be disclosed. Security researcher Dominik, known as pacbypass, released a public proof-of-concept (PoC) exploit demonstrating the vulnerability. He noted in a detailed post that the exploit can only succeed on Windows systems when run by an elevated user, service account, or with developer mode enabled.
Users of 7-Zip are strongly advised to upgrade to version 25.00 as soon as possible to mitigate the risk. The PoC exploit is publicly accessible here. Additional technical details and the advisory on CVE-2025-11001 can be found on the ZDI website. The fix history for 7-Zip is available at the official change log.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Ireland Leads Whiskey Investment Boom with 12-14% Returns
- Crypto Crash Fears Rise as Quantum Threats Loom by 2028
- G-Knot launches biometric crypto wallet with finger vein scan
- Solana Faces Resistance at $140; $200 Target Looks Unlikely in 2025
- Brookfield Launches $100B AI Fund With Nvidia, Kuwait Investment Authority
