Secpod
7-Zip Vulnerability CVE-2025-11001 Enables Remote Code Execution Attacks
A critical vulnerability in 7-Zip, identified as CVE-2025-11001, allows remote code execution via symbolic link manipulation in ZIP files. This flaw, which affects versions of 7-Zip starting from 21.02, has been actively exploited, prompting warnings from cybersecurity organizations, including NHS England Digital. Attackers can exploit this vulnerability by crafting malicious ZIP files that lead to unintended directory traversal, enabling arbitrary code execution in the context of the service account running 7-Zip. The vulnerability carries a CVSS score of 7.0 and was reported by Ryota Shiga from GMO Flatt Security Inc. Users are urged to update to version 25.00 or later to mitigate risks. A proof-of-concept exploit is publicly available, increasing the urgency for users to apply patches. The vulnerability is limited to Windows platforms and requires elevated user privileges for exploitation.
Key Points:
• CVE-2025-11001 in 7-Zip allows remote code execution through symbolic link manipulation.
• Active exploitation has been confirmed, with a public proof-of-concept available.
• Users must update to 7-Zip version 25.00 or later to mitigate the risk.