Recent discoveries have unveiled two high-severity vulnerabilities in 7-Zip, the widely used open-source file archiver. Designated as CVE-2025-11001 and CVE-2025-11002, these flaws could permit remote attackers to execute arbitrary code on affected systems. All versions of 7-Zip prior to the latest release are susceptible, necessitating immediate updates to mitigate potential risks.
Understanding the Vulnerabilities
The core issue in both vulnerabilities lies in 7-Zip’s handling of symbolic links within ZIP archives. Attackers can craft malicious ZIP files containing specially designed data that exploit this weakness. When a user with a vulnerable version of 7-Zip decompresses such an archive, the extraction process can be manipulated to perform a directory traversal. This manipulation allows the extraction to write files outside the intended destination folder, potentially placing malicious payloads in sensitive system locations.
While the attack is initiated remotely through the delivery of the malicious file, exploitation requires user interaction, as the victim must choose to open the archive. The specific attack vectors may vary depending on how 7-Zip is implemented within different environments.
Severity and Potential Impact
Both CVE-2025-11001 and CVE-2025-11002 have been assigned a CVSS 3.0 score of 7.0, classifying them as high-severity threats. A successful exploit could allow an attacker to execute arbitrary code on the affected system with the privileges of the service account or user running the 7-Zip application. This could lead to a full system compromise, data theft, or the deployment of further malware such as ransomware.
The high complexity of the attack and the requirement for user interaction prevent the vulnerabilities from receiving a critical rating, but the potential impact on confidentiality, integrity, and availability remains significant given the widespread use of the 7-Zip utility.
Mitigation Measures
The developer of 7-Zip has released version 25.00, which rectifies these security flaws. All users are strongly advised to update their installations immediately to protect against potential exploitation.
Disclosure Timeline
The vulnerabilities were initially reported to the vendor on May 2, 2025, following a responsible disclosure timeline. A coordinated public advisory was subsequently released on October 7, 2025, to inform the public of the risks and the available patch. These vulnerabilities were uncovered by security researcher Ryota Shiga of GMO Flatt Security Inc., working with takumi-san.ai.
Broader Context of 7-Zip Vulnerabilities
These recent vulnerabilities are part of a series of security issues identified in 7-Zip over the past year. For instance, CVE-2025-0411, a high-severity vulnerability with a CVSS score of 7.0, was discovered in September 2024. This flaw allowed attackers to bypass Windows’ Mark-of-the-Web (MoTW) security mechanism, enabling the execution of arbitrary code. The vulnerability was actively exploited in the wild, particularly targeting Ukrainian organizations, and was linked to cyberespionage campaigns likely orchestrated by Russian cybercrime groups amidst the ongoing Russo-Ukrainian conflict.
Another notable vulnerability, CVE-2024-11477, with a CVSS score of 7.8, was identified in the Zstandard decompression implementation of 7-Zip. This flaw allowed remote attackers to execute malicious code through specially crafted archives. The issue stemmed from improper validation of user-supplied data, resulting in an integer underflow before writing to memory.
Additionally, CVE-2025-55188, discovered in August 2025, allowed attackers to perform arbitrary file writes during archive extraction, potentially leading to code execution on vulnerable systems. This vulnerability exploited 7-Zip’s handling of symbolic links during the extraction process, enabling attackers to write files to locations outside the intended extraction directory.
Recommendations for Users and Organizations
Given the recurring security issues in 7-Zip, users and organizations should adopt the following measures:
1. Regular Updates: Ensure that 7-Zip is updated to the latest version (25.00 or later) to mitigate known vulnerabilities.
2. User Education: Train users to recognize and avoid opening files from untrusted or unknown sources, especially compressed archives.
3. Endpoint Protection: Deploy and maintain robust endpoint protection solutions capable of detecting and blocking malicious file activity.
4. Access Controls: Implement strict access controls to limit the execution of untrusted applications and scripts.
5. Monitoring and Logging: Establish comprehensive monitoring and logging to detect and respond to suspicious activities promptly.
By staying vigilant and proactive, users and organizations can significantly reduce the risk posed by these and other vulnerabilities in widely used software like 7-Zip.
