Tag: 7-Zip
-
Urgent Patch: 7-Zip Flaw (CVE-2025-11001) Actively Exploited for Code Execution
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a statement from NHS England Digital. The notice underscores that the flaw affects a widely used archival tool and warrants immediate attention from all Windows users. The issue, tracked as CVE-2025-11001 with a CVSS score of 7.0, arises…
-
Critical 7-Zip Exploit Now Public: Immediate Patching Required
Since the disclosure of two critical vulnerabilities in 7-Zip, the situation has escalated sharply: functional proof-of-concept exploits are now publicly available that reproduce attacks by altering extraction paths and injecting arbitrary files. This elevates the threat from theoretical to tangible—particularly in corporate environments where archives are processed automatically—because it now represents a confirmed path to…
-
Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files
Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files. The flaws stemmed from how the program handled symbolic links within archives, enabling attackers to traverse outside permitted directories and overwrite or substitute system files. The issues are tracked as CVE-2025-11002 and CVE-2025-11001. In both cases, an…