Hackers Exploit 7-Zip RCE Vulnerability (CVE-2025-11001) Using Symbolic Links


7-Zip Security Flaw: What You Need to Know

Overview of the Vulnerability

A newly identified security vulnerability affecting 7-Zip has come to light, with reports indicating it is being actively exploited. The advisory, issued by NHS England Digital on November 19, 2025, outlines significant concerns regarding the software and its users.

Details of the Flaw

The vulnerability, tracked as CVE-2025-11001, has a CVSS score of 7.0, indicating a substantial risk level. It enables remote attackers to execute arbitrary code. The flaw lies in how 7-Zip handles symbolic links inside ZIP files: crafted data in an archive can give access to unintended directories on systems where 7-Zip is installed.

Fixes and Updates

The good news is that this issue has been addressed in the latest 7-Zip update, version 25.00, released in July 2025. Users are urged to update to this version promptly to mitigate risks associated with the vulnerability. Alongside CVE-2025-11001, the update also rectifies another vulnerability, CVE-2025-11002, which has a similar risk profile and relates to improper handling of symbolic links within ZIP archives.

Discovery and Reporting

The flaws were reported by security expert Ryota Shiga of GMO Flatt Security Inc., utilizing the company’s AI-powered AppSec Auditor called Takumi. This proactive approach highlights the importance of continuous security scrutiny in software development and deployment.

Current Exploit Status

NHS England Digital has confirmed that the exploitation of CVE-2025-11001 is ongoing in the wild. However, the specifics regarding the actors behind the attacks or the context in which they are being conducted remain unclear. Given the existence of proof-of-concept (PoC) exploits, the urgency for users to apply updates is heightened.

User Impact and Recommendations

This vulnerability can only be exploited on systems where the user has elevated permissions or where developer mode is enabled. It is also restricted to Windows environments, making it a Windows-specific concern for 7-Zip users. Security researcher Dominik (also known as pacbypass) emphasized this in a recent post outlining the vulnerabilities.

For optimal protection, immediate action is recommended for users of 7-Zip. Updating to version 25.00 is essential to safeguard systems from potential attacks. Regularly checking for software updates and applying necessary patches can prevent many security risks associated with known vulnerabilities.

Conclusion

In summary, the recently disclosed vulnerabilities in 7-Zip underscore the critical nature of software security. Users must remain vigilant and prioritize the application of updates to ensure their data and systems are protected from active exploitation. Adopting best practices for software maintenance can significantly mitigate the potential impact of such vulnerabilities.
