Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
- Nov 20, 2025
Key Findings
A recently disclosed security vulnerability in 7-Zip, CVE-2025-11001 (CVSS score: 7.0), is being actively exploited in the wild.
The vulnerability allows remote attackers to execute arbitrary code by exploiting improper handling of symbolic links in ZIP files.
Proof-of-concept (PoC) exploits for the flaw have been publicly released, making it essential for 7-Zip users to update to the patched version 25.00 as soon as possible.
The vulnerability can only be exploited from the context of an elevated user/service account or a machine with developer mode enabled, and it is limited to Windows systems.
Background
The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories, allowing an attacker to leverage this vulnerability to execute code in the context of a service account.
Ryota Shiga of GMO Flatt Security Inc., along with the company's artificial intelligence (AI)-powered AppSec Auditor Takumi, has been credited with discovering and reporting the vulnerability.
Exploitation Details
Active exploitation of CVE-2025-11001 has been observed in the wild, according to the alert published by NHS England Digital.
There are currently no details available on how the vulnerability is being weaponized, by whom, and in what context.
The availability of proof-of-concept (PoC) exploits has made it essential for 7-Zip users to apply the necessary fixes as soon as possible.
According to security researcher Dominik (aka pacbypass), who released the PoC, the vulnerability can only be exploited from the context of an elevated user/service account or a machine with developer mode enabled, and it is limited to Windows systems.
Mitigation and Patching
Version 25.00 of 7-Zip, released in July 2025, addresses the CVE-2025-11001 vulnerability.
7-Zip users are strongly recommended to upgrade to the patched version 25.00 to mitigate the risk of exploitation.
Version 25.00 also resolves CVE-2025-11002 (CVSS score: 7.0), which was introduced in version 21.02.
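For hosts that cannot be upgraded immediately, archives can be triaged before extraction. The following is an added example, not code from 7-Zip or from the sources below: it lists ZIP entries marked as symbolic links and flags those whose target is absolute or climbs above the archive root. It assumes links are encoded the Unix way (file mode in the high 16 bits of the external attributes, target stored as the entry data); the function names and the sample archive are constructed for illustration.

```python
import io
import ntpath
import posixpath
import stat
import zipfile

MAX_TARGET_LEN = 4096  # assumption: a genuine link target is a short path

def escapes_root(entry_name, target):
    """True if target, resolved from the entry's directory, climbs above the archive root."""
    base = posixpath.dirname(entry_name.replace("\\", "/"))
    resolved = posixpath.normpath(posixpath.join(base, target.replace("\\", "/")))
    return resolved == ".." or resolved.startswith("../")

def find_risky_symlinks(zip_bytes):
    """Return (entry, target, reason) for symlink entries pointing outside the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Unix-style archivers keep the file mode in the high 16 bits.
            if not stat.S_ISLNK(info.external_attr >> 16):
                continue
            if info.file_size > MAX_TARGET_LEN:
                findings.append((info.filename, "", "oversized link target"))
                continue
            # The link target is stored as the entry's data.
            target = zf.read(info).decode("utf-8", "replace")
            win = target.replace("/", "\\")
            if win.startswith("\\") or ntpath.splitdrive(win)[0]:
                findings.append((info.filename, target, "absolute target"))
            elif escapes_root(info.filename, target):
                findings.append((info.filename, target, "escapes extraction root"))
    return findings

def build_sample_zip():
    """Constructed sample: one regular file and three symlink entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        for name, target in [("docs/latest", "readme.txt"),
                             ("data/link", "..\\..\\outside"),
                             ("app/cfg", "C:\\ExampleDir")]:
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # Unix
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_risky_symlinks(build_sample_zip()):
        print(finding)
```

A flagged entry is a reason to quarantine the archive for review; the check does not replace upgrading to 25.00.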
Sources
https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html
https://securityaffairs.com/184850/security/7-zip-rce-flaw-cve-2025-11001-actively-exploited-in-attacks-in-the-wild.html
https://www.reddit.com/r/SecOpsDaily/comments/1p1d6lr/hackers_actively_exploiting_7zip_symbolic/
https://x.com/shah_sheikh/status/1991183073099108600
https://galileosg.com/2025/11/19/hackers-actively-exploiting-7-zip-symbolic-link-based-rce-vulnerability-cve-2025-11001/

