A critical security flaw in 7-Zip, CVE-2025-11001, is actively exploited in the wild, allowing remote code execution through crafted ZIP files. Users should update to version 25.00 immediately to mitigate the risk. #7Zip #CVE202511001
Keypoints
- The vulnerability CVE-2025-11001 affects 7-Zip and involves symbolic link handling in ZIP files.
- Active exploitation has been observed, though specific attack methods and perpetrators remain unknown.
- Version 25.00 of 7-Zip released in July 2025 fixes this flaw along with another related vulnerability, CVE-2025-11002.
- The flaw can only be exploited on Windows systems, especially with elevated user or developer mode enabled.
- Security experts urge users to update promptly to avoid potential malware or data breaches.
Read More: https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html