A significant memory corruption vulnerability in the popular file archiver 7-Zip has been discovered that allows attackers to trigger denial-of-service conditions by crafting malicious RAR5 archive files.
The vulnerability, tracked as CVE-2025-53816 and designated GHSL-2025-058, affects all versions of 7-Zip prior to version 25.00.
Security researcher Jaroslav Lobačevski of GitHub Security Lab discovered the vulnerability, which has been assigned a CVSS score of 5.5, placing it in the medium severity range.
While the flaw is unlikely to lead to arbitrary code execution, it poses significant risks of denial-of-service attacks against systems processing untrusted archive files.
7-Zip Memory Corruption Vulnerability
The vulnerability stems from a heap-based buffer overflow in 7-Zip's RAR5 decoder implementation. Specifically, the flaw occurs in the NCompress::NRar5::CDecoder component when the software attempts to recover from corrupted archive data by filling damaged sections with zeros.
The root cause lies in a miscalculation of the rem value during memory zeroing operations. When processing RAR5 archives, the decoder calls My_ZeroMemory(_window + _winPos, (size_t)rem), where the rem parameter is calculated as _lzEnd - lzSize.
However, the _lzEnd variable depends on the size of previous items in the archive, which can be controlled by attackers.
This miscalculation allows attackers to write zeros beyond the allocated heap buffer, potentially corrupting adjacent memory regions and causing application crashes.
Testing with AddressSanitizer (ASAN) demonstrated that specially crafted RAR5 files can trigger heap buffer overflows, with one proof-of-concept causing a write of 9,469 bytes beyond the allocated buffer.
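As an added illustration (not 7-Zip's code), the following simplified C model of the zero-fill step described above puts the unchecked length calculation beside a bounds-checked version. Only the identifier names follow the article; the struct layout, window size, sample values and the added check are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified model of the gap-filling step described above.
 * Not 7-Zip's code: _window/_winPos/_lzEnd follow the article's names; the
 * struct layout, window size and the added bounds check are assumptions. */
typedef struct {
    uint8_t *window;  /* LZ window of winSize bytes */
    size_t winSize;
    size_t winPos;    /* current write position in window */
    uint64_t lzEnd;   /* end offset claimed by archive metadata (untrusted) */
    uint64_t lzSize;  /* bytes actually decoded so far */
} decoder_t;
/* Unchecked variant: rem = lzEnd - lzSize is trusted, so an attacker-chosen
 * lzEnd pushes the zero-fill past the window. This only reports how many
 * bytes would land out of bounds; it never performs the bad write. */
size_t overflow_bytes_unchecked(const decoder_t *d)
{
    uint64_t rem = d->lzEnd - d->lzSize;
    size_t avail = d->winSize - d->winPos;
    return rem > avail ? (size_t)(rem - avail) : 0;
}
/* Bounded variant: validate rem against the window before zeroing.
 * Returns 0 on success, -1 when the metadata is inconsistent. */
int zero_fill_bounded(decoder_t *d)
{
    if (d->lzEnd < d->lzSize) return -1;          /* end before current pos */
    uint64_t rem = d->lzEnd - d->lzSize;
    if (rem > d->winSize - d->winPos) return -1;  /* would exceed window */
    memset(d->window + d->winPos, 0, (size_t)rem);
    d->winPos += (size_t)rem;
    d->lzSize += rem;
    return 0;
}
/* Constructed sample: 4 KiB window, write position 4000 (96 bytes free).
 * A claimed lzEnd of 13565 mirrors the 9,469-byte overrun reported above. */
static uint8_t sample_window[4096];

size_t demo_unchecked(uint64_t lzEnd)
{
    decoder_t d = { sample_window, sizeof sample_window, 4000, lzEnd, 4000 };
    return overflow_bytes_unchecked(&d);          /* 13565 -> 9469 */
}

int demo_bounded(uint64_t lzEnd)
{
    decoder_t d = { sample_window, sizeof sample_window, 4000, lzEnd, 4000 };
    return zero_fill_bounded(&d);                 /* 13565 -> -1, 4050 -> 0 */
}
```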
7-Zip is one of the world's most widely used file archiving utilities, with the official website receiving over 1.3 million monthly visits and the software downloaded millions of times through various distribution channels.
The software's popularity in both personal and enterprise environments amplifies the potential impact of this vulnerability.
Memory corruption vulnerabilities like this one can have severe consequences, including system crashes, data corruption, and service disruptions.
While this specific vulnerability is unlikely to enable remote code execution, it provides attackers with a reliable method to crash 7-Zip processes, potentially disrupting automated file processing systems or user workflows.
The vulnerability is particularly concerning because archive files have become the top choice for cyberattacks, accounting for 39% of all malware delivery methods according to recent threat research.
Malicious actors frequently exploit archive processing vulnerabilities to bypass security measures and deliver payloads.
Disclosure Timeline and Response
The vulnerability was responsibly disclosed through a coordinated disclosure process:
April 24, 2025: Reported as a private issue to 7-Zip developers
April 29, 2025: Report acknowledged by the development team
July 5, 2025: Fixed in 7-Zip version 25.00
Developer Igor Pavlov addressed the vulnerability in 7-Zip 25.00, which was released on July 5, 2025. The update also includes performance improvements and enhanced CPU thread utilization for compression operations.
Security experts strongly recommend that all 7-Zip users immediately upgrade to version 25.00 or later. Since 7-Zip lacks automatic update functionality, users must manually download and install the latest version from the official website.
Organizations processing untrusted archive files should implement additional security measures, including restricting access to potentially malicious RAR5 archives and deploying comprehensive file validation before processing.