Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Posted on By CWS

Nov 19, 2025Ravie LakshmananVulnerability / Risk Intelligence
A just lately disclosed safety flaw impacting 7-Zip has come underneath energetic exploitation within the wild, in response to an advisory issued by the U.Okay. NHS England Digital on Tuesday.
The vulnerability in query is CVE-2025-11001 (CVSS rating: 7.0), which permits distant attackers to execute arbitrary code. It has been addressed in 7-Zip model 25.00 launched in July 2025.
“The particular flaw exists inside the dealing with of symbolic hyperlinks in ZIP recordsdata. Crafted information in a ZIP file may cause the method to traverse to unintended directories,” Pattern Micro’s Zero Day Initiative (ZDI) stated in an alert launched final month. “An attacker can leverage this vulnerability to execute code within the context of a service account.”
Ryota Shiga of GMO Flatt Safety Inc., together with the corporate’s synthetic intelligence (AI)-powered AppSec Auditor Takumi, has been credited with discovering and reporting the vulnerability.

It is value noting that 7-Zip 25.00 additionally resolves one other flaw, CVE-2025-11002 (CVSS rating: 7.0), that permits for distant code execution by making the most of improper dealing with of symbolic hyperlinks inside ZIP archives, leading to listing traversal. Each shortcomings had been launched in model 21.02.
“Lively exploitation of CVE-2025-11001 has been noticed within the wild,” NHS England Digital stated. Nonetheless, there are at the moment no particulars accessible on the way it’s being weaponized, by whom, and in what context.
Provided that there exists proof-of-concept (PoC) exploits, it is important that 7-Zip customers transfer rapidly to use the mandatory fixes as quickly as doable, if not already, for optimum safety.
“This vulnerability can solely be exploited from the context of an elevated person / service account or a machine with developer mode enabled,” safety researcher Dominik (aka pacbypass), who launched the PoC, stated in a submit detailing the failings. “This vulnerability can solely be exploited on Home windows.”

The Hacker News Tags:, , , , , , , ,

Related Posts

5 Lessons from River Island 5 Lessons from River Island The Hacker News
MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems The Hacker News
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches The Hacker News
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns The Hacker News
Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake The Hacker News
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords The Hacker News