7-Zip vulnerability under active exploitation

A newly disclosed security vulnerability affecting 7-Zip is being actively exploited in the wild, according to an advisory issued by the United Kingdom’s NHS England Digital. The vulnerability allows remote attackers to execute arbitrary code on affected systems.

Vulnerability Details (CVE-2025-11001)

The primary vulnerability, identified as CVE-2025-11001 (with a CVSS score of 7.0), lies in the handling of symbolic links within ZIP files.

Exploitation Mechanism: Attackers can create crafted data within a ZIP archive that forces the decompression process to traverse unintended directories.

Impact: Allows remote code execution (RCE) in the context of the affected user or service account.

Discovery: The flaw was discovered and reported by Ryota Shiga of GMO Flatt Security Inc., with the help of the AI-powered AppSec Auditor Takumi audit tool.

Related Vulnerability (CVE-2025-11002)

The 7-Zip version 25.00 update also addresses another similar flaw, CVE-2025-11002 (CVSS score of 7.0). This vulnerability also exploits improper handling of symbolic links in ZIP files to achieve directory traversal and RCE. Both flaws were introduced in 7-Zip version 21.02. ...
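
A pre-extraction check for the symbolic-link pattern described above, as an added example (not code from the advisory or from the 7-Zip project): it reads a ZIP's headers and link targets without extracting anything, and reports symbolic-link entries whose target is absolute or resolves above the extraction root, plus entries whose path runs through a symbolic-link entry. It assumes links are marked by Unix mode bits in the entry's external attributes; `scan_zip` and the finding strings are names chosen for this example.

```python
import posixpath
import re
import stat
import sys
import zipfile

# POSIX root, UNC path or Windows drive letter (checked after "\" -> "/").
ABSOLUTE = re.compile(r"^(/|[A-Za-z]:)")
MAX_TARGET = 4096  # assumed cap: a link target longer than this is not a real path

def _escapes(path):
    """True if a relative path normalises to somewhere above the extraction root."""
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def scan_zip(archive):
    """Return (entry name, reason) findings for risky symlink use in a ZIP."""
    findings = []
    links = set()  # normalised names of symlink entries seen so far
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/").rstrip("/")
            # An entry stored underneath an earlier symlink is written through it.
            parts = name.split("/")
            if any("/".join(parts[:i]) in links for i in range(1, len(parts))):
                findings.append((info.filename, "path passes through symlink entry"))
            # The Unix file mode lives in the high 16 bits of external_attr.
            if not stat.S_ISLNK(info.external_attr >> 16):
                continue
            links.add(name)
            if info.file_size > MAX_TARGET:
                findings.append((info.filename, "oversized symlink target"))
                continue
            # For a symlink entry, the stored data is the link target.
            target = zf.read(info).decode("utf-8", "replace").replace("\\", "/")
            if ABSOLUTE.match(target):
                findings.append((info.filename, f"absolute symlink target: {target}"))
            elif _escapes(posixpath.join(posixpath.dirname(name), target)):
                findings.append((info.filename, f"symlink target leaves root: {target}"))
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for entry, reason in scan_zip(sys.argv[1]):
        print(f"{entry}: {reason}")
```

An empty result only means none of these patterns were found; updating to 7-Zip 25.00, which the page names as the release addressing both flaws, remains the fix.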

November 19, 2025 · Comfidentia