Urgent NHS Cyber Alert: Critical 7-Zip Vulnerability CVE-2025-11001

New Security Vulnerability in 7-Zip: CVE-2025-11001

A serious vulnerability in 7-Zip, designated CVE-2025-11001, poses a risk to users in both the public and private sectors. The flaw affects all versions of 7-Zip prior to 25.00 and allows attackers to execute malicious code remotely, potentially jeopardizing vital systems. In response, NHS Digital has issued a cyber alert strongly advising organizations and individuals to act swiftly to mitigate the risk.

Understanding CVE-2025-11001

CVE-2025-11001 is categorized as a directory traversal remote code execution vulnerability associated with file parsing. It has received a CVSS score of 7.0, placing it in the high severity bracket. The issue arises from how 7-Zip manages symbolic links while extracting archive files. Attackers can exploit this by crafting harmful archives that force 7-Zip to write files to unauthorized locations outside the intended extraction directory.

This flaw not only enables malicious files to be placed in critical system directories but also opens the door for these files to execute arbitrary code on the system. The potential for significant damage is evident, as security researchers have demonstrated a proof-of-concept (PoC) exploit showing how CVE-2025-11001 can be misused. While this PoC doesn't represent a fully developed attack, it does lower the barrier for cybercriminals, significantly increasing the risk to unpatched systems.

Impact Assessment of the Vulnerability

All versions of 7-Zip released before version 25.00 are susceptible to this vulnerability, affecting countless enterprise systems, government departments, and individual users. NHS Digital’s cybersecurity team has categorized this threat under Threat ID CC-4719, emphasizing the urgency of applying patches. Although early reports hinted at active exploitation, an update on November 20, 2025, clarified that NHS England’s National Cyber Security Operations Centre (CSOC) had not identified confirmed exploitation instances. However, they did acknowledge the existence of the public PoC exploit, indicating that future attacks could occur if systems remain unpatched.

The widespread use of 7-Zip across various platforms means the potential attack surface is extensive. A successful breach could grant unauthorized access to sensitive systems and facilitate the installation of additional malware, further compromising security.

Steps for Remediation and User Recommendations

In reaction to CVE-2025-11001, 7-Zip has rolled out version 25.00 to address the vulnerability, effectively mitigating the risk of remote code execution through harmful archive files. It is strongly recommended that organizations and individual users upgrade their software immediately. Postponing this update places systems at risk of exploitation, especially as cyber threats continue to evolve.

System administrators should focus on updating all endpoints and servers that are running vulnerable versions of 7-Zip. By implementing this patch, organizations can eliminate the directory traversal vulnerability, thereby neutralizing the risk of arbitrary code execution stemming from symbolic link manipulation.
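To find the endpoints that still need the update, the following added example (not part of the article or any NHS tooling) triages an inventory of 7-Zip version banners against the fixed release, 25.00. The banner shapes are assumed to match what the 7z command-line tools print, and the hostnames and banners in `SAMPLE` are constructed.

```python
import re

FIXED = (25, 0)  # the article names 25.00 as the fixed release

# Assumed banner shapes printed by the 7z command-line tools, e.g.
#   "7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov"
#   "7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov"
BANNER = re.compile(r"7-Zip(?: \[\d+\]| \([az]\))* (\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Map one banner to 'vulnerable', 'patched' or 'unknown'."""
    m = BANNER.search(banner)
    if not m:
        return "unknown"  # no parseable version: needs a manual check
    version = (int(m.group(1)), int(m.group(2)))
    return "patched" if version >= FIXED else "vulnerable"


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status so the vulnerable ones can be patched first."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify(banner)].append(host)
    return report


# Constructed inventory: hostnames and banners are made up for illustration.
SAMPLE = {
    "ws-014": "7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov",
    "ws-015": "7-Zip 25.00 (x64) : Copyright (c) 1999-2025 Igor Pavlov",
    "srv-db2": "7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov",
    "srv-app1": "7-Zip (z) 25.01 (x64) : Copyright (c) 1999-2025 Igor Pavlov",
    "kiosk-03": "'7z' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```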

Continued Vigilance for Cybersecurity

CVE-2025-11001 represents a high-severity vulnerability within 7-Zip that demands attention. While there have been no confirmed cases of exploitation in NHS systems, the existence of a public proof-of-concept raises the stakes for future attacks. Organizations are encouraged to transition to 7-Zip version 25.00 or later and report any suspicious activities to NHS Digital immediately.

Maintaining vigilance against threats like CVE-2025-11001 is essential. Services like those offered by Cyble provide AI-driven vulnerability intelligence, which can help organizations prioritize and address critical vulnerabilities before they can be exploited. Scheduling a personalized demo with Cyble could be a proactive step in protecting your systems and data.
