Urgent Patch: 7-Zip Flaw (CVE-2025-11001) Actively Exploited for Code Execution
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a statement from NHS England Digital. The notice underscores that the flaw affects a widely used archival tool and warrants immediate attention from all Windows users.
The issue, tracked as CVE-2025-11001 with a CVSS score of 7.0, arises from improper handling of symbolic links inside ZIP files. This flaw allows a crafted archive to redirect file-access operations into unintended directories. Researchers from Trend Micro’s Zero Day Initiative note that such manipulation can enable the execution of arbitrary commands within the privileges of the service account. The problem was addressed in version 7-Zip 25.00, released in July 2025.
The vulnerability was identified by Ryota Shiga of GMO Flatt Security in collaboration with an AI-based application auditor called Takumi. They also submitted the disclosure to the developers. Version 25.00 additionally fixes a second flaw, CVE-2025-11002, which likewise permitted command execution due to improper processing of symbolic links. Both vulnerabilities originated in version 21.02.
According to NHS England Digital, malicious activity leveraging CVE-2025-11001 has already been observed, though details regarding attack methods, actors, and targets remain undisclosed. It is known that proof-of-concept exploits are circulating. One such PoC, published by researcher Dominek, demonstrates that command execution is only possible when run under an elevated account or on a device with Developer Mode enabled. Moreover, exploitation is limited exclusively to the Windows platform.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
