Information Security News

Tag: CVE-2025-11002

  • Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files

    Critical 7-Zip Flaws Allow Remote Code Execution via Malicious ZIP Files

    by

    ddos
    in

    Two critical vulnerabilities discovered in the 7-Zip archiver allowed remote execution of arbitrary code when processing ZIP files. The flaws stemmed from how the program handled symbolic links within archives, enabling attackers to traverse outside permitted directories and overwrite or substitute system files. The issues are tracked as CVE-2025-11002 and CVE-2025-11001. In both cases, an…