Hackers Exploit 7-Zip Symbolic Link RCE Vulnerability (CVE-2025-11001)
A significant security vulnerability has been identified in 7-Zip, a widely used file compression tool. This flaw allows remote attackers to execute arbitrary code by exploiting symbolic links within ZIP files.
Details of the Vulnerability
Designated as CVE-2025-11001, this vulnerability has been rated with a CVSS score of 7.0. The UK’s NHS England Digital highlighted that active exploitation of this flaw is occurring in the wild.
- CVE ID: CVE-2025-11001
- CVSS Score: 7.0
- Date Disclosed: November 19, 2025
- Version Affected: 7-Zip prior to 25.00
- Patch Release: July 2025
Mechanism of the Exploit
The flaw occurs in how 7-Zip processes symbolic links in ZIP files. Attackers can craft malicious ZIP files that mislead the application into accessing unintended directories. This traversal can allow execution of code within the context of a service account.
Ryota Shiga from GMO Flatt Security Inc. discovered this vulnerability with the help of the AI-driven AppSec Auditor, Takumi. Additionally, another vulnerability, CVE-2025-11002, with the same CVSS score, addresses similar issues related to symbolic link handling.
Implications of Exploitation
Currently, the specifics of how this vulnerability is being weaponized remain unclear. Nevertheless, evidence exists of proof-of-concept exploits, indicating that users of 7-Zip should promptly update to version 25.00 to secure their systems.
- Exploitable only by an elevated user/service account or devices in developer mode.
- Vulnerability is specific to Windows operating systems.
Security researchers, including Dominik, known as pacbypass, have stressed the urgency for users to apply the latest update in order to mitigate potential threats. As the situation evolves, it is crucial for 7-Zip users to remain vigilant and proactive regarding their security measures.
