CVE-2025-11002 is a Remote Code Execution (RCE) vulnerability affecting 7-Zip version 24.09 (x64). This flaw arises from improper handling of symbolic links within ZIP files, enabling attackers to potentially execute arbitrary code. Successful exploitation requires user interaction but can lead to significant system compromise. A fix is expected in a future 7-Zip release.
An attacker can exploit this vulnerability by crafting a malicious ZIP file containing symbolic links that, when processed by 7-Zip, lead to unintended directory traversal. This allows the attacker to execute arbitrary code on the system with the privileges of the user running 7-Zip. The potential impact is severe, ranging from data theft and system takeover to the installation of malware. Given 7-Zip's widespread use as an archive utility, this vulnerability has a broad attack surface. The ability to execute code in the context of a service account further amplifies the risk, potentially enabling lateral movement within the network.
This vulnerability was reported to ZDI (ZDI-CAN-26743) and subsequently assigned CVE-2025-11002. Its severity is currently assessed as HIGH (CVSS 7). Proof-of-concept (PoC) code is not yet publicly available, but the vulnerability's nature suggests a relatively straightforward exploitation path. As of this writing, it is not listed on CISA KEV.
EPSS: 0.11% (29th percentile)
Currently, no official patch is available. As a temporary mitigation, use 7-Zip only with archives from trusted sources and disable the extraction of ZIP files from untrusted origins. Consider implementing network segmentation to limit the potential blast radius if exploitation occurs. Monitor system logs for suspicious activity related to 7-Zip processes. While a direct fix is pending, carefully review and audit any scripts or applications that use 7-Zip for archive handling. After a future upgrade, confirm the fix by extracting a known-safe ZIP archive and verifying that no unexpected file modifications occur.
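One way to gate untrusted ZIP files before a script hands them to 7-Zip, as an added example that is not from this advisory or the 7-Zip project: it reports entries marked as Unix symbolic links and entry names or link targets that would resolve outside the extraction directory. The names `escapes_root`, `audit_zip` and `MAX_TARGET` are hypothetical, and this is a generic symlink and traversal audit, not a detector for the exact trigger of CVE-2025-11002, which the page does not describe.

```python
import stat
import sys
import zipfile
from pathlib import PureWindowsPath

MAX_TARGET = 4096  # assumption: a genuine link target is a short path


def escapes_root(path, start=""):
    """True if `path`, resolved from directory `start`, leaves the extraction root."""
    norm = path.replace("\\", "/")
    if norm.startswith("/") or PureWindowsPath(path).drive:
        return True  # absolute, drive-rooted or UNC path
    depth = 0
    for part in (start + "/" + norm).split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True  # climbed above the root
    return False


def audit_zip(source):
    """Return (entry name, reason) pairs for entries to review before extraction."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if escapes_root(info.filename):
                findings.append((info.filename, "entry path leaves extraction root"))
            # Unix-style archives keep the file mode in the high 16 bits.
            if not stat.S_ISLNK(info.external_attr >> 16):
                continue
            if info.file_size > MAX_TARGET or info.flag_bits & 0x1:
                findings.append((info.filename, "symlink with oversized or encrypted target"))
                continue
            target = zf.read(info).decode("utf-8", "replace")  # link data is the target path
            parent = info.filename.rpartition("/")[0]
            verdict = "escapes root" if escapes_root(target, parent) else "stays inside root"
            findings.append((info.filename, f"symlink {verdict} -> {target}"))
    return findings


if __name__ == "__main__" and len(sys.argv) == 2:
    hits = audit_zip(sys.argv[1])
    for name, reason in hits:
        print(f"{name}: {reason}")
    sys.exit(1 if hits else 0)
```

Run it with the archive path as the only argument; a non-zero exit status means at least one entry should be reviewed or the archive rejected.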
Update 7-Zip to a version later than 24.09. Download the latest version from the official 7-Zip website.
CVE-2025-11002 is a Remote Code Execution vulnerability in 7-Zip 24.09 (x64) that allows attackers to execute code by crafting malicious ZIP files.
If you are using 7-Zip version 24.09 (x64) and process ZIP files from untrusted sources, you are potentially affected.
A patch is not yet available. As a workaround, restrict ZIP file processing from untrusted sources and monitor system logs.
There are no confirmed reports of active exploitation at this time, but the vulnerability's nature suggests a potential for exploitation.
Refer to the 7-Zip website and security mailing lists for updates on the vulnerability and potential fixes.