CVE-2025-53816

Published Jul 17, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53816 is a vulnerability affecting 7-Zip, a file archiving tool. Specifically, it's a heap buffer overflow found in the RAR5 decoder component. This flaw can be triggered when 7-Zip attempts to process specially crafted RAR5 archive files. The vulnerability stems from a miscalculation in memory operations during the recovery of corrupted archive items, leading to a write of zero bytes beyond the allocated buffer. By exploiting this, an attacker can cause memory corruption and potentially crash the application or system, resulting in a denial-of-service condition. 7-Zip version 25.0.0 addresses this vulnerability.

Description: 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.
Source: security-advisories@github.com
NVD status: Analyzed
Products: 7-zip

Risk scores

CVSS 4.0

Type: Secondary
Base score: 5.5
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: MEDIUM

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

security-advisories@github.com
CWE-122

Social media

Hype score
Not currently trending
  1. Beyond Compare 5.1.5.31310 released. Updated 7-zip library to v25.01. Fixes CVE-2025-53816 and CVE-2025-53817. macOS/Linux: Fixed repeated Open Clipboard in file compares toggling between the clipboard contents and nothing. Fixed slow/jittery column resizing in Table Compare.

    @ScooterSoftware

    8 Sept 2025

    360 Impressions

    3 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ 7-Zip RAR5 flaw crashes systems via DoS A heap-based buffer overflow vulnerability (CVE-2025-53816) in 7-Zip’s RAR5 codec leads to system crashes when processing crafted archives. Fixed in version 25.00 (July 5, 2025). Update now to avoid disruption. #ransomNews http

    @ransomnews

    11 Aug 2025

    374 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. 📢 7-Zip 👉 The CVE-2025-53816 flaw has been patched in 7-Zip. Rated medium (CVSS score of 5.5), it can cause a denial of service via a RAR5 archive. 🧷 More info on IT-Connect: https://t.co/EDBkRnxGqt #7zip #infosec #cybersecurite ht

    @ITConnect_fr

    23 Jul 2025

    52 Impressions

    2 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  4. Two vulnerabilities in 7-Zip, both posing a DoS attack risk (CVE-2025-53816, CVE-2025-53817) #セキュリティ対策Lab #セキュリティ #Security https://t.co/XeEbsOjSFO

    @securityLab_jp

    22 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ New 7-Zip Vulnerability Discovered! A critical flaw (CVE-2025-53816) in 7-Zip’s RAR5 decoder allows crafted archives to crash systems via heap buffer overflows. 📖 Read full report: https://t.co/Q5wU7FGN3X #CyberSecurity #7Zip #Vulnerability #InfoSec #RAR5 #TechPIO

    @VaultEdgeIT

    21 Jul 2025

    73 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

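  6. A serious denial-of-service (DoS) vulnerability (CVE-2025-53816) has been discovered in 7-Zip. It occurs during RAR5 archive processing: through a crafted RAR5 file an attacker causes memory corruption, and the application or system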

    @yousukezan

    21 Jul 2025

    22811 Impressions

    165 Retweets

    343 Likes

    139 Bookmarks

    0 Replies

    6 Quotes

  7. 🚨 Critical 7-Zip Vulnerability Exposes Millions to DoS Attack: #CVE-2025-53816 Shakes File Compression Security https://t.co/hbr2cYCOFq

    @UndercodeNews

    21 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️ Critical 7-Zip DoS Vulnerability Alert! Malicious RAR5 files can cause system crashes. If you use 7-Zip, update to version 25.00 *now* to patch CVE-2025-53816. Protect your systems! 🛡️ #InfoSec #CyberAttack https://t.co/bmTr3P4i9C

    @fernandokarl

    21 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-53816 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in vers… https://t.co/jEoB9ybso9

    @CVEnew

    17 Jul 2025

    229 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations