Two ZDI-disclosed bugs (CVE-2025-11001, CVE-2025-11002) affect 7-Zip’s Linux-to-Windows symlink handling, enabling potential directory manipulation during extraction. The issues involve unsafe path checks and symlink processing that could allow writing files to arbitrary locations; they are fixed in v25.00.
Key points
- Two ZDI reports describe Linux symlink handling bugs in 7-Zip’s extraction flow.
- The issues revolve around IsSafePath and symlink parsing in ArchiveExtractCallback.cpp.
- Relative Linux/WSL-style symlinks could bypass safety checks and target absolute Windows paths.
- A vulnerable sequence allows creating or overwriting files via a crafted symlink during extraction.
- The issues were introduced in v21.02 and are fixed in 7-Zip v25.00; exploitation requires elevated privileges or Developer Mode.
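A defensive pre-extraction check for the symlink bypass described in the key points, as an added example that is not code from 7-Zip or the linked write-up: it treats a link target as absolute if it is absolute under either POSIX or Windows rules, whatever style the archive labels the link with, and then confirms the resolved target stays under the extraction root. The function names and sample entries are constructed for illustration, and the link's own archive path is assumed to be already validated as relative.

```python
import ntpath
import posixpath

def is_absolute_any(target: str) -> bool:
    """True if target is absolute under POSIX *or* Windows path rules."""
    drive, rest = ntpath.splitdrive(target)   # catches C:\x, C:x and UNC paths
    return (
        posixpath.isabs(target)               # /rooted
        or bool(drive)                        # drive letter or \\host\share
        or rest.startswith(("\\", "/"))       # \rooted on the current drive
    )

def _to_posix(path: str) -> str:
    """Treat both separators as directory separators."""
    return path.replace("\\", "/")

def link_target_is_safe(link_path: str, target: str) -> bool:
    """link_path: archive-relative path of the symlink entry.
    target: link text stored in the archive (untrusted)."""
    if not target or "\x00" in target or is_absolute_any(target):
        return False
    parent = posixpath.dirname(_to_posix(link_path))
    resolved = posixpath.normpath(posixpath.join(parent, _to_posix(target)))
    # After normalisation, any remaining leading ".." escapes the root.
    return not (resolved == ".." or resolved.startswith("../"))

def rejected_links(entries):
    """Return the link paths whose targets must not be created."""
    return [path for path, target in entries
            if not link_target_is_safe(path, target)]

# Constructed sample entries: (symlink path in archive, stored target).
SAMPLE_ENTRIES = [
    ("pkg/current", "releases/v1"),         # stays inside the root
    ("pkg/docs/up", "../shared"),           # resolves to pkg/shared
    ("pkg/link_a", "C:\\Temp\\out"),        # Windows drive-absolute
    ("pkg/link_b", "..\\..\\outside"),      # climbs above the root
    ("pkg/link_c", "\\\\host\\share\\dir"), # UNC path
]

if __name__ == "__main__":
    for path in rejected_links(SAMPLE_ENTRIES):
        print("reject symlink:", path)
```
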
Read More: https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html