CVE-2025-11002

7-Zip

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-11002 is a vulnerability in how 7-Zip handles symbolic links in ZIP files. Because symbolic links inside ZIP archives are processed improperly, a crafted ZIP file can force traversal outside the intended extraction directory, which could allow remote attackers to execute arbitrary code on affected installations of 7-Zip. Exploitation requires user interaction, such as opening or extracting a malicious ZIP file. 7-Zip version 25.00 addresses the vulnerability.

Description
-

Social media

Hype score
Not currently trending
  1. 7-Zip Vulnerability: New CVEs Allow Remote Code Execution and File Overwrites Two new vulnerabilities (CVE-2025-11001 and CVE-2025-11002) have been discovered in 7-Zip, one of the most widely used file archivers on Windows. These flaws allow attackers to perform directory https:

    @john_video

    26 Oct 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 7-Zip Vulnerability: New CVEs Allow Remote Code Execution and File Overwrites Two new vulnerabilities (CVE-2025-11001 and CVE-2025-11002) have been discovered in 7-Zip, one of the most widely used file archivers on Windows. These flaws allow attackers to perform directory https:

    @john_video

    25 Oct 2025

    44 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. In this episode of IT SPARC Cast - CVE of The Week, @john_Video and @loudoggeek unpack a fresh pair of vulnerabilities affecting one of the most common tools on Windows desktops — 7-Zip. Tracked as CVE-2025-11001 and CVE-2025-11002, these directory traversal flaws allow https:

    @ITSPARCCast

    24 Oct 2025

    69 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  4. Critical alert: Two high-severity 7-Zip vulnerabilities (CVE-2025-11001 & CVE-2025-11002) allow arbitrary code execution via symbolic link manipulation in ZIP files. Versions 21.02–24.09 affected. Update to 25.01+ immediately. A public PoC is already available. Don't wait.

    @ctrlaltnod

    21 Oct 2025

    84 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🛑 Two new security flaws discovered in 7-Zip - What are the risks? How can you protect yourself? 🩹 CVE-2025-11001 🩹 CVE-2025-11002 🧷 All the details on IT-Connect: https://t.co/Nu0P2E8WfX #7zip #windows #infosec https://t.co/1CiwRJBC1I

    @ITConnect_fr

    21 Oct 2025

    612 Impressions

    13 Retweets

    9 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  6. Windows users should update 7-Zip to version 25.00 or later to fix two significant “path traversal” vulnerabilities (CVE-2025-11001 and CVE-2025-11002) that can allow remote code execution, caused by the handling of symbolic links in ZIP files. https://t.co/pnCF7Kthky https:/

    @AlternativeTo

    20 Oct 2025

    2923 Impressions

    20 Retweets

    62 Likes

    17 Bookmarks

    1 Reply

    0 Quotes

  7. [1day1line] CVE-2025-11001, CVE-2025-11002: Symbolic-link handling bugs in 7-Zip leading to Arbitrary File Write / RCE potential Today’s 1day1line: 7-Zip’s ZIP extraction logic misparses Linux/WSL-style links and mistakenly treats them as Windows absolute paths, causing an htt

    @hackyboiz

    19 Oct 2025

    1829 Impressions

    5 Retweets

    29 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 7-Zip PoC exploit published — two symlink-handling RCEs (CVE-2025-11001, CVE-2025-11002) in 7-Zip ≤24.09. A crafted ZIP with malicious symlinks can cause directory traversal / symlink substitution during extraction, allowing arbitrary file writes outside the target folde

    @Ind_Cyber_News

    19 Oct 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 A public PoC exploit for 7-Zip flaws (CVE-2025-11001, CVE-2025-11002) is out — enabling file writes & possible code execution. Update to 7-Zip 25.00 now! ⚠️ Read More: https://t.co/c2thCsNh1g #CyberSecurity #7Zip #PatchNow https://t.co/3CMk8S7ctc

    @FindSecCyber

    18 Oct 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. GitHub - pacbypass/CVE-2025-11001: Exploit for CVE-2025-11001 or CVE-2025-11002 https://t.co/SqAe7wZp9U

    @akaclandestine

    15 Oct 2025

    3283 Impressions

    9 Retweets

    50 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  11. GitHub - pacbypass/CVE-2025-11001: Exploit for CVE-2025-11001 or CVE-2025-11002 - https://t.co/zzw84tPE13

    @piedpiper1616

    15 Oct 2025

    2485 Impressions

    18 Retweets

    37 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  12. Two critical vulnerabilities have been identified in #7Zip (CVE-2025-11001 and CVE-2025-11002) that allow remote code execution via crafted ZIP files. They affect versions prior to 25.01 and require immediate updating https://t.co/jigpLnryUn https://

    @henryraul

    14 Oct 2025

    131 Impressions

    10 Retweets

    10 Likes

    1 Bookmark

    1 Reply

    1 Quote

  13. Our Co-CTO @Ga_ryo_ and our pentesting AI agent, Takumi, have discovered arbitrary code execution vulnerabilities in 7-Zip. CVE-2025-11001: https://t.co/XowVByWd9A CVE-2025-11002: https://t.co/xBTZsI0boN Please refer to the advisories and take appropriate measures.

    @flatt_sec_en

    14 Oct 2025

    1511 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    1 Quote

  14. Path traversal vulnerabilities in 7-Zip during ZIP extraction (CVE-2025-11001, CVE-2025-11002); update now https://t.co/fB76uT0BLl #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    13 Oct 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. ⚠️Vulnerabilities in 7-Zip ❗CVE-2025-11001 ❗CVE-2025-11002 ➡️More info: https://t.co/kKWBT4jtsa https://t.co/fIJa3n25GE

    @CERTpy

    13 Oct 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨7-Zip CVE-2025-11002 Detection https://t.co/YzTo1xLS1X A KQL query designed to monitor for potential exploitation of CVE-2025-11002 a directory traversal vulnerability in 7-Zip until the affected infrastructure is fully patched and secured. https://t.co/KlIqvU8d8S https://

    @0x534c

    12 Oct 2025

    9115 Impressions

    37 Retweets

    154 Likes

    64 Bookmarks

    2 Replies

    1 Quote

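  17. The compression tool 7-Zip has high-risk vulnerabilities (CVE-2025-11001, CVE-2025-11002). Risk: extracting a malicious ZIP file may lead to remote code execution. Main cause: 7-Zip lacks an automatic update mechanism, and many users are still running old, vulnerable versions. Fix: please immediately go manually to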

    @Easy2Tips

    12 Oct 2025

    199 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. 🚨 Two critical vulnerabilities in 7-Zip ⚠️ CVE-2025-11001 ⚠️ CVE-2025-11002 https://t.co/ab04trVtBO https://t.co/MxO228J5V5

    @elhackernet

    12 Oct 2025

    25978 Impressions

    81 Retweets

    372 Likes

    95 Bookmarks

    4 Replies

    7 Quotes

  19. 🛡️ Opening the wrong file in 7-Zip can compromise your network Two serious vulnerabilities (CVE-2025-11001 and CVE-2025-11002) affect all versions of 7-Zip prior to 25.00. They allow an attacker to execute malicious code by manipulating how processing is done in

    @CycuraMX

    11 Oct 2025

    2252 Impressions

    14 Retweets

    34 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  20. Flaws (CVE-2025-11001 & CVE-2025-11002) in 7-Zip allow attackers to gain RCE by exploiting directory traversal via malicious ZIP files. Update immediately to v25.00. #7Zip #RCE #Cybersecurity #ZipFlaw #ZDI https://t.co/2ovXgisOfC

    @the_yellow_fall

    11 Oct 2025

    262 Impressions

    4 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  21. 🚨CVE-2025-11002 and CVE-2025-11001: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability CVSS: 7.0 / 7.0 Advisory: https://t.co/RYUZ5EoBlH and https://t.co/shEWNSXUQv Fixed in 7-Zip 25.00

    @DarkWebInformer

    10 Oct 2025

    6158 Impressions

    9 Retweets

    49 Likes

    16 Bookmarks

    2 Replies

    1 Quote

  22. ⚠️ For anyone interested: vulnerabilities (CVE-2025-11001 and CVE-2025-11002) in #7Zip allow attackers to execute arbitrary code remotely. Update to version 25.00 available. 🔗 https://t.co/k2vcZGHfNp https://t.co/fLvlveEUHd

    @sonoclaudio

    10 Oct 2025

    307 Impressions

    0 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

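  23. Serious arbitrary code execution vulnerabilities fixed in 7-Zip. CVE-2025-11001 and CVE-2025-11002 have a CVSS score of 7.0. Caused by the handling of symbolic links. Fixed in version 25.00. Discovered by Ryota Shiga of GMO Flatt Security using Takumi. https://t.co/O4W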

    @__kokumoto

    10 Oct 2025

    1183 Impressions

    6 Retweets

    11 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨 7-Zip Vulnerabilities Allow Remote Code Execution Two critical flaws (CVE-2025-11001 & CVE-2025-11002). ✅ By exploiting symbolic links in archives, attackers can execute arbitrary code - patch immediately 🎯 🔗 https://t.co/dPuEkTc7tz #CyberSecurity #News

    @MME_IT

    10 Oct 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability (CVE-2025-11002) #7Zip #CVE202511002 #CyberSecurity #RemoteCodeExecutionVulnerability https://t.co/AjeClSpRUo https://t.co/4ROsAdfUIz

    @SystemTek_UK

    9 Oct 2025

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.