Hackers are actively exploiting a critical vulnerability in 7-Zip, a popular file archiver, which could impact millions of users. The flaw, identified as CVE-2025-11001, allows remote attackers to execute arbitrary code, posing a significant security risk. This vulnerability was addressed in 7-Zip version 25.00, released in July 2025, but the race is on to patch it before malicious actors can exploit it further.
The issue lies in the handling of symbolic links within ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories, potentially leading to remote code execution. Security researchers Ryota Shiga and GMO Flatt Security Inc.'s AI-powered AppSec Auditor Takumi discovered and reported this vulnerability. It's worth noting that this isn't the only flaw in 7-Zip; version 25.00 also resolves another vulnerability, CVE-2025-11002, which allows for remote code execution through improper handling of symbolic links within ZIP archives.
The U.K. NHS England Digital has confirmed that active exploitation of CVE-2025-11001 has been observed in the wild. However, the details of how it's being weaponized, by whom, and in what context remain undisclosed. The existence of proof-of-concept (PoC) exploits makes it urgent for 7-Zip users to apply the fix immediately.
Security researcher Dominik (aka pacbypass), who released the PoC, clarifies that this vulnerability can only be exploited from the context of an elevated user/service account or a machine with developer mode enabled, and it is specific to the Windows operating system. This means that while the threat is real, it is not as widespread as some other vulnerabilities, but it still requires immediate attention from users and administrators.
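The flaw class described above is an archive whose symbolic-link entries point outside the extraction directory, so that later entries are written through them. The following audit is an added example, not 7-Zip's code or the researchers' PoC: it inspects a ZIP before extraction and reports entries that would escape an assumed extraction root (`ROOT` is a placeholder), using a constructed sample archive.

```python
import io
import posixpath
import stat
import zipfile

ROOT = "/tmp/extract"  # assumed extraction directory (placeholder)

def is_symlink(info: zipfile.ZipInfo) -> bool:
    # The Unix file mode is stored in the high 16 bits of external_attr.
    return stat.S_ISLNK(info.external_attr >> 16)

def inside(path: str, root: str) -> bool:
    return posixpath.normpath(path).startswith(root.rstrip("/") + "/")

def audit_zip(data: bytes, root: str = ROOT) -> list[str]:
    """Report entries that would land outside `root` if extracted with
    symlink support: traversal names, symlinks resolving outside the
    root, and files written through a symlink declared earlier."""
    findings, links = [], {}  # links: archive path -> symlink target
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            dest = posixpath.join(root, name)
            if posixpath.isabs(name) or not inside(dest, root):
                findings.append(f"traversal: {name}")
                continue
            parts = name.strip("/").split("/")
            for i in range(1, len(parts)):  # any parent dir a known link?
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append(f"write-through-symlink: {name} via {prefix} -> {links[prefix]}")
                    break
            if is_symlink(info):
                target = zf.read(info).decode("utf-8", "replace")
                links[name.strip("/")] = target
                resolved = target if posixpath.isabs(target) else posixpath.join(posixpath.dirname(dest), target)
                if not inside(resolved, root):
                    findings.append(f"symlink-escape: {name} -> {target}")
    return findings

def build_sample(malicious: bool = True) -> bytes:
    """Constructed test archive (not a real-world sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if malicious:
            link = zipfile.ZipInfo("out")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark entry as symlink
            zf.writestr(link, "../../etc")           # target lies outside ROOT
            zf.writestr("out/planted.txt", "x")      # would be written through the link
        zf.writestr("docs/readme.txt", "benign")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_zip(build_sample()):
        print(finding)
```

The same check can be run against any archive read from disk by passing its bytes to `audit_zip`; an empty result means no entry escapes the root.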