A critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-11001 (CVSS score 7.0), in the widely used 7-Zip software is currently under active exploitation in the wild.
NHS England issued an alert, confirming that remote attackers can trigger the flaw to execute arbitrary code on affected 7-Zip installations.
Vulnerability Details and Exploitation
The core of the vulnerability lies in the handling of symbolic links within ZIP files. A security researcher has publicly released a Proof-of-Concept (PoC) exploit, demonstrating how attackers can use crafted ZIP files to abuse this mechanism.
This flaw is a directory traversal vulnerability: malicious symbolic links inside an archive let attackers escape the intended extraction folder. In certain scenarios, this can enable arbitrary code execution in the context of a service account.
The attack requires user interaction, meaning a victim must interact with the affected product, though the specific attack vectors may vary. Importantly, the vulnerability can only be exploited on the Windows operating system and typically requires an elevated user or service account context, or a machine with developer mode enabled.
Urgent Mitigation
The vulnerability was patched in 7-Zip version 25.00, which was released in July 2025. Due to the active exploitation in the wild and the public availability of the PoC exploit, all 7-Zip users are strongly advised to upgrade their software immediately to the latest version to prevent compromise.

