A lately disclosed safety flaw impacting 7-Zip has come underneath energetic exploitation within the wild, in accordance with an advisory issued by the U.Ok. NHS England Digital on Tuesday.
The vulnerability in query is CVE-2025-11001 (CVSS rating: 7.0), which permits distant attackers to execute arbitrary code. It has been addressed in 7-Zip model 25.00 launched in July 2025.
“The particular flaw exists inside the dealing with of symbolic hyperlinks in ZIP information. Crafted information in a ZIP file could cause the method to traverse to unintended directories,” Development Micro’s Zero Day Initiative (ZDI) mentioned in an alert launched final month. “An attacker can leverage this vulnerability to execute code within the context of a service account.”
Ryota Shiga of GMO Flatt Safety Inc., together with the corporate’s synthetic intelligence (AI)-powered AppSec Auditor Takumi, has been credited with discovering and reporting the vulnerability.
It is value noting that 7-Zip 25.00 additionally resolves one other flaw, CVE-2025-11002 (CVSS rating: 7.0), that permits for distant code execution by making the most of improper dealing with of symbolic hyperlinks inside ZIP archives, leading to listing traversal. Each shortcomings had been launched in model 21.02.
“Energetic exploitation of CVE-2025-11001 has been noticed within the wild,” NHS England Digital mentioned. Nevertheless, there are at present no particulars out there on the way it’s being weaponized, by whom, and in what context.
On condition that there exists proof-of-concept (PoC) exploits, it is important that 7-Zip customers transfer rapidly to use the required fixes as quickly as attainable, if not already, for optimum safety.
“This vulnerability can solely be exploited from the context of an elevated person / service account or a machine with developer mode enabled,” safety researcher Dominik (aka pacbypass), who launched the PoC, mentioned in a publish detailing the issues. “This vulnerability can solely be exploited on Home windows.”
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the newest breakthroughs, get unique updates, and join with a world community of future-focused thinkers.
Unlock tomorrow’s tendencies in the present day: learn extra, subscribe to our publication, and develop into a part of the NextTech group at NextTech-news.com
