7-Zip vulnerability enables remote code execution through malicious ZIP files
Take action: Update your 7-Zip software on Windows to version 25.01 or later ASAP. There's a vulnerability that is exploitable just by opening a malicious ZIP file. And there's a public exploit PoC, so criminals can just copy it in their attacks. Don't ignore this one.
A security vulnerability has been reported in 7-Zip, one of the world's most widely used file compression utilities, that allows remote attackers to execute arbitrary code on affected systems.
The flaw, tracked as CVE-2025-11001 (CVSS score 7.0), is a directory traversal vulnerability caused by improper handling of symbolic links in ZIP files. The UK's NHS England Digital issued a high-risk warning on November 18, 2025, after initially reporting active exploitation. The agency later clarified that no in-the-wild exploitation has been observed but noted that the existence of a public proof-of-concept exploit significantly elevates the risk.
The vulnerability affects all 7-Zip versions before 25.00 and impacts only Windows systems. When a user opens a specially crafted ZIP archive, the malicious file can exploit the symbolic link handling flaw to traverse to unauthorized system directories during extraction. This directory traversal allows attackers to write files to arbitrary locations on the system, potentially enabling them to execute malicious code with the privileges of the user or service account running the application. Exploitation requires user interaction, as the target must open the malicious ZIP file.
The danger level escalated significantly when security researcher Dominik, known online as "pacbypass," publicly released working proof-of-concept exploit code on October 17, 2025. This ready-to-use demonstration provides cybercriminals with a blueprint for attacks, dramatically lowering the barrier to exploitation.
The vulnerability was patched in 7-Zip version 25.00, released in July 2025; the current stable version is 25.01, released in August 2025. Unfortunately, 7-Zip lacks an automatic update mechanism, so all updates must be performed manually by users or managed through enterprise deployment systems. This absence of automated patching means many systems likely remain vulnerable months after the patch became available. Organizations and individual users must manually identify all 7-Zip installations older than version 25.00 on Windows machines and should upgrade to version 25.01 ASAP.
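
One way to carry out the inventory step described above on a single Windows machine, as an added example that is not part of the original advisory or of 7-Zip itself. It assumes 7-Zip is registered under the standard Windows uninstall registry keys with a display name beginning "7-Zip"; the function name `Get-SevenZipStatus` is hypothetical.

```powershell
# Added example: list registered 7-Zip installs and compare them with the
# versions named in the advisory (25.00 = first fixed, 25.01 = current stable).
$fixed  = [version]'25.00'
$target = [version]'25.01'

# Standard Windows uninstall keys: 64-bit, 32-bit on 64-bit, and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: map a DisplayVersion string to a remediation status.
function Get-SevenZipStatus {
    param([string]$DisplayVersion)
    $v = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) {
        return 'Unknown version, check manually'
    }
    if ($v -lt $fixed)  { return 'VULNERABLE (before 25.00)' }
    if ($v -lt $target) { return 'Patched, update to 25.01 recommended' }
    return 'OK'
}

# Assumption: the installer's DisplayName starts with "7-Zip".
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -like '7-Zip*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-SevenZipStatus $_.DisplayVersion
            Key      = $_.PSPath
        }
    }

if ($found) { $found | Sort-Object Version | Format-Table -AutoSize }
else { Write-Output 'No registered 7-Zip installation found.' }
```

Portable or manually copied 7-Zip binaries are not registered in these keys, so they need a separate file-system search; the same script can be pushed through an enterprise deployment system to cover a fleet.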