7-Zip RCE Vulnerability Exploited

Source: Cyber Security News

The remote code execution vulnerability in 7-Zip, CVE-2025-11001, has been actively exploited, threatening millions of users with malware and system compromise. Disclosed in October 2025, the flaw arises from improper handling of symbolic links in ZIP archives, enabling attackers to traverse directories and execute arbitrary code. Security experts noted that simply opening a malicious ZIP file can lead to severe consequences, allowing ransomware deployment, sensitive data theft, or backdoor establishment. Further compounding the issue is a related vulnerability, CVE-2025-11002, also with a CVSS score of 7.0, exposed in the same version of 7-Zip.

The vulnerability’s severity is elevated by its ease of exploitation: it requires minimal user interaction, which makes it a vector for phishing and drive-by downloads. NHS England Digital issued an urgent advisory regarding the active exploitation of CVE-2025-11001 on November 18, 2025, urging users to upgrade to version 25.00, which addresses the issue. The patch incorporates stricter path canonicalization to block potential traversal attacks, thereby neutralizing both CVEs. Organizations that heavily utilize 7-Zip for file operations need to act immediately. As attacks primarily target unpatched systems within sensitive sectors like healthcare and finance, the urgency for remediation is paramount.
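To make the symlink and path-canonicalization point concrete from the defender's side, here is an added example (not code from 7-Zip or from the original article) that audits a ZIP archive before extraction and flags entries that would land outside the extraction root. The function names, the lexical canonicalization rule and the in-memory sample archive are assumptions constructed for illustration and do not describe how the 7-Zip patch is implemented.

```python
import io
import posixpath
import stat
import zipfile


def escapes_root(path):
    """True if a '/'-separated path is rooted, has a drive letter, or climbs above the root."""
    norm = posixpath.normpath(path)
    return path[:1] == "/" or path[1:2] == ":" or norm.split("/")[0] == ".."


def audit_zip(zip_bytes):
    """Return (entry name, reason) pairs for entries that should block extraction."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [(i, posixpath.normpath(i.filename.replace("\\", "/"))) for i in zf.infolist()]
        # The Unix file mode sits in the high 16 bits of external_attr.
        links = {name for i, name in entries if stat.S_ISLNK(i.external_attr >> 16)}
        for info, name in entries:
            # Every parent directory of this entry, e.g. "a", "a/b" for "a/b/c".
            parents = {name[:k] for k, c in enumerate(name) if c == "/"}
            if escapes_root(info.filename.replace("\\", "/")):
                findings.append((info.filename, "entry path escapes root"))
            elif parents & links:
                findings.append((info.filename, "written through an archive symlink"))
            if name in links:
                # A symlink entry stores its target as the entry's data.
                target = zf.read(info).decode("utf-8", "replace").replace("\\", "/")
                resolved = target if target[1:2] == ":" else posixpath.join(posixpath.dirname(name), target)
                if escapes_root(resolved):
                    findings.append((info.filename, "symlink target escapes root"))
    return findings


def constructed_sample():
    """Build a small archive in memory (constructed test data, not a real-world sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        for name, target in (("docs/ok", "readme.txt"), ("docs/up", "../../elsewhere")):
            link = zipfile.ZipInfo(name)
            link.create_system = 3  # Unix, so the mode bits are meaningful
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, target)
        zf.writestr("docs/up/file.txt", "data")
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_zip(constructed_sample()))
```

The check is lexical and deliberately conservative: any entry placed beneath a symlink that the archive itself creates is flagged, because a purely lexical resolution cannot be trusted once a parent directory is a link.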

👉 Read the original: Cyber Security News