Plattform
windows
Komponente
7-zip
CVE-2025-11002 is a Remote Code Execution (RCE) vulnerability affecting 7-Zip version 24.09 (x64). This flaw arises from improper handling of symbolic links within ZIP files, enabling attackers to potentially execute arbitrary code. Successful exploitation requires user interaction but can lead to significant system compromise. A fix is expected in a future 7-Zip release.
Successful exploitation of CVE-2025-11002 allows an attacker to execute arbitrary code on the target system with the privileges of the user running 7-Zip. This could lead to complete system compromise, data theft, or the installation of malware. The symbolic link traversal vulnerability is particularly concerning as it bypasses normal file access controls. The attack vector involves crafting a specially designed ZIP archive containing symbolic links that point outside the intended extraction directory. This allows the attacker to write files to arbitrary locations on the system, potentially overwriting critical system files or injecting malicious code. Similar directory traversal vulnerabilities have historically been exploited to gain persistent access to systems.
CVE-2025-11002 was reported to ZDI (ZDI-CAN-26743) and subsequently publicly disclosed on 2026-01-23. The CVSS score is 7.0 (HIGH). The exploitability of this vulnerability is considered medium due to the need for user interaction and the complexity of crafting a malicious ZIP file. No public proof-of-concept exploits are currently known, but the vulnerability's nature suggests it is likely to be targeted by attackers. It is not currently listed on the CISA KEV catalog.
Systems utilizing 7-Zip version 24.09 (x64) are at risk, particularly those where 7-Zip is used to process ZIP files from untrusted sources. Shared hosting environments and systems with automated archive processing workflows are especially vulnerable due to the increased likelihood of exposure to malicious ZIP files.
• windows / supply-chain:
Get-Process -Name 7z | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.Action.Exe -like "7z*"}• windows / supply-chain:
reg query "HKCU\Software\7-Zip" /v Path• generic web: Inspect 7-Zip installation directories for unexpected files or modifications.
disclosure
Exploit-Status
EPSS
0.11% (29% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-11002 is to upgrade to a patched version of 7-Zip as soon as it becomes available. Until a patch is released, consider restricting the ability to extract ZIP files from untrusted sources. Implement strict file access controls to limit the potential impact of a successful exploit. Consider using a Web Application Firewall (WAF) or proxy to inspect incoming ZIP files for suspicious symbolic links or unusual file paths. Monitor system logs for unusual file creation or modification activity in unexpected directories. While a direct detection signature is difficult, monitor for processes spawning from 7-Zip with unusual command-line arguments.
Actualice 7-Zip a una versión posterior a la 24.09. Descargue la última versión desde el sitio web oficial de 7-Zip.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-11002 is a Remote Code Execution vulnerability in 7-Zip 24.09 (x64) that allows attackers to execute code by crafting malicious ZIP files.
If you are using 7-Zip version 24.09 (x64) and process ZIP files from untrusted sources, you are potentially affected.
A patch is not yet available. As a workaround, restrict ZIP file processing from untrusted sources and monitor system logs.
There are no confirmed reports of active exploitation at this time, but the vulnerability's nature suggests a potential for exploitation.
Refer to the 7-Zip website and security mailing lists for updates on the vulnerability and potential fixes.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.