CVE-2025-53817

Published Jul 17, 2025

Last updated 6 months ago

CVSS medium 5.5

Overview

Description
7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.
Source
security-advisories@github.com
NVD status
Analyzed
Products
7-zip

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.5
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-476

Social media

Hype score
Not currently trending

  1. Beyond Compare 5.1.5.31310 released. Updated 7-zip library to v25.01. Fixes CVE-2025-53816 and CVE-2025-53817. macOS/Linux: Fixed repeated Open Clipboard in file compares toggling between the clipboard contents and nothing. Fixed slow/jittery column resizing in Table Compare.

    @ScooterSoftware

    8 Sept 2025

    360 Impressions

    3 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 7-Zipで2つの脆弱性 いずれもDoS攻撃リスク(CVE-2025-53816,CVE-2025-53817) #セキュリティ対策Lab #セキュリティ #Security https://t.co/XeEbsOjSFO

    @securityLab_jp

    22 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 7-Zip - CVE-2025-53817 - Null pointer dereference in the Compound handler may lead to denial of service https://t.co/pOWjesBljz

    @gothburz

    18 Jul 2025

    134 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-53817 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the … https://t.co/G1uteiNlWC

    @CVEnew

    17 Jul 2025

    277 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.CVE-2025-11002
  2. 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.CVE-2025-11001
  3. 7-Zip before 25.01 does not always properly handle symbolic links during extraction.CVE-2025-55188
  4. 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.CVE-2025-53816
  5. 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.CVE-2022-47112

References

Sources include official advisories and independent security research.