Hackers Actively Exploiting 7-Zip Vulnerability (CVE-2025-11001)


These articles are AI-generated summaries. Please check the original sources for full details.

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

The UK’s NHS England Digital issued an advisory on November 19, 2025, warning of active exploitation of CVE-2025-11001, a remote code execution (RCE) vulnerability in 7-Zip. This flaw, addressed in version 25.00 released in July 2025, stems from improper handling of symbolic links within ZIP files.

Why This Matters

Current security models often assume archive utilities are safe, but vulnerabilities like CVE-2025-11001 demonstrate the risk of processing untrusted input with them. Exploitation can lead to arbitrary code execution, potentially resulting in system compromise and data breaches, with associated remediation costs reaching hundreds of thousands of dollars per incident for large organizations.

Key Insights

  • CVE-2025-11001 CVSS Score: 7.0 (High severity)
  • Symbolic Link Exploitation: Attackers leverage crafted ZIP files with malicious symbolic links to traverse directories and execute code.
  • AI-Assisted Discovery: The vulnerability was discovered with the help of GMO Flatt Security’s AI-powered AppSec Auditor, Takumi.

Practical Applications

  • Use Case: Organizations processing ZIP files from external sources (e.g., supply chain partners) are at high risk.
  • Pitfall: Relying on outdated software versions, especially for commonly used utilities like 7-Zip, creates easily exploitable attack surfaces.
