CVE-2025-11001

High CVSS: 7.8

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

Vendor

7-zip

Product

7-zip

CWE

CWE-22

Yayın Tarihi

2025-11-19 22:16:02

Güncelleme

2025-11-24 15:07:32

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-22 7-zip HIGH 7-zip 2025

Referanslar

https://www.zerodayinitiative.com/advisories/ZDI-25-949/

Benzer Kayıtlar

High

CVE-2025-11002

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attacke…

Low

CVE-2025-55188

7-Zip before 25.01 does not always properly handle symbolic links during extraction.

Medium

CVE-2025-53816

7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to m…

Medium

CVE-2025-53817

7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to vers…

Low

CVE-2022-47111

7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later v…

Low

CVE-2022-47112

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later…