top of page
Search

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

  • Nov 20, 2025
  • 2 min read

Key Findings


  • A recently disclosed security vulnerability in 7-Zip, CVE-2025-11001 (CVSS score: 7.0), is being actively exploited in the wild.

  • The vulnerability allows remote attackers to execute arbitrary code by exploiting improper handling of symbolic links in ZIP files.

  • Proof-of-concept (PoC) exploits for the flaw have been publicly released, making it essential for 7-Zip users to update to the patched version 25.00 as soon as possible.

  • The vulnerability can only be exploited from the context of an elevated user/service account or a machine with developer mode enabled, and it is limited to Windows systems.


Background


The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories, allowing an attacker to leverage this vulnerability to execute code in the context of a service account.


Ryota Shiga of GMO Flatt Security Inc., along with the company's artificial intelligence (AI)-powered AppSec Auditor Takumi, has been credited with discovering and reporting the vulnerability.


Exploitation Details


  • Active exploitation of CVE-2025-11001 has been observed in the wild, according to the alert published by NHS England Digital.

  • There are currently no details available on how the vulnerability is being weaponized, by whom, and in what context.

  • The availability of proof-of-concept (PoC) exploits has made it essential for 7-Zip users to apply the necessary fixes as soon as possible.

  • According to security researcher Dominik (aka pacbypass), who released the PoC, the vulnerability can only be exploited from the context of an elevated user/service account or a machine with developer mode enabled, and it is limited to Windows systems.


Mitigation and Patching


  • Version 25.00 of 7-Zip, released in July 2025, addresses the CVE-2025-11001 vulnerability.

  • 7-Zip users are strongly recommended to upgrade to the patched version 25.00 to mitigate the risk of exploitation.

  • The vulnerability can also be addressed by CVE-2025-11002 (CVSS score: 7.0), which was introduced in version 21.02 and resolved in 25.00.


Sources


  • https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html

  • https://securityaffairs.com/184850/security/7-zip-rce-flaw-cve-2025-11001-actively-exploited-in-attacks-in-the-wild.html

  • https://www.reddit.com/r/SecOpsDaily/comments/1p1d6lr/hackers_actively_exploiting_7zip_symbolic/

  • https://x.com/shah_sheikh/status/1991183073099108600

  • https://galileosg.com/2025/11/19/hackers-actively-exploiting-7-zip-symbolic-link-based-rce-vulnerability-cve-2025-11001/

Recent Posts

See All

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page