7-Zip vulnerability that enables remote code execution actively exploited
Take action: If you are using 7-Zip, this is urgent. Hackers are actively exploiting a 7-Zip flaw that can be triggered just by opening a malicious ZIP file. Update your 7-Zip software to version 25.01 or later as soon as possible.
A vulnerability in 7-Zip that enables remote code execution is being actively exploited in the wild.
The flaw is tracked as CVE-2025-11001 (CVSS score 7.0) and is caused by improper handling of symbolic links within specially crafted ZIP archives. When a malicious archive is extracted, the vulnerability allows 7-Zip to write files outside the intended directory structure, enabling attackers to overwrite critical system files or execute arbitrary code with the permissions of the service account running the application.
The vulnerability affects all versions of 7-Zip prior to version 25.0.0.
Exploitation activity has been observed across multiple industry sectors; healthcare and financial services organizations are being targeted.
On November 18, 2025, NHS England Digital issued an official security advisory confirming active exploitation of CVE-2025-11001 and urging all organizations to update their 7-Zip installations immediately.
Organizations using affected versions of 7-Zip should prioritize updating to version 25.0.0 or later.
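Until patching is complete, archives can be triaged before extraction for the symlink behaviour described above. The following is an added example, not code from 7-Zip or from the NHS advisory: it lists symlink entries in a ZIP and flags any whose target, or whose own path, resolves outside the extraction directory. It assumes symlink entries are marked with Unix mode bits in the ZIP external attributes; `audit_zip`, `escapes_root` and `build_sample` are hypothetical names, and the sample archive is constructed in memory.

```python
import io
import posixpath
import stat
import zipfile

MAX_TARGET_LEN = 4096  # symlink targets are short; anything larger is suspicious

def escapes_root(path):
    """True if an archive path would resolve outside the extraction root."""
    path = path.replace("\\", "/")
    if path.startswith("/") or path[1:2] == ":":  # absolute or drive-letter path
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def audit_zip(zip_bytes):
    """Return (entry name, symlink target or None, escapes root) for risky entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            mode = info.external_attr >> 16  # Unix mode bits, if the writer set them
            if stat.S_ISLNK(mode):
                if info.file_size > MAX_TARGET_LEN:  # implausible target: flag it
                    findings.append((info.filename, None, True))
                    continue
                # A symlink entry stores its target as the entry's data.
                target = zf.read(info).decode("utf-8", "replace")
                t = target.replace("\\", "/")
                absolute = t.startswith("/") or t[1:2] == ":"
                resolved = t if absolute else posixpath.join(posixpath.dirname(name), t)
                findings.append((info.filename, target, escapes_root(resolved)))
            elif escapes_root(name):
                findings.append((info.filename, None, True))
    return findings

def build_sample():
    """Constructed sample: a regular file, an in-tree link, and a link that escapes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        for name, target in (("docs/latest", "readme.txt"), ("docs/link", "../../outside")):
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # Unix host, so the mode bits are meaningful
            info.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(info, target)
    return buf.getvalue()
```

Entries returned with the third field set to `True` are candidates for quarantine rather than extraction; a symlink that stays inside the tree is still reported so the reviewer can decide.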