A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community.
CVE-2025-55188, discovered and reported by security researcher Landon on August 9, 2025, allows attackers to perform arbitrary file writes during archive extraction, potentially leading to code execution on vulnerable systems.
The vulnerability affects all versions of 7-Zip prior to 25.01 and stems from improper handling of symbolic links during the extraction process.
When users extract a maliciously crafted archive containing unsafe symbolic links, 7-Zip follows these links during extraction, enabling attackers to write files to locations outside the intended extraction directory.
7-Zip Arbitrary File Write Vulnerability
The vulnerability exploits 7-Zip’s symbolic link processing mechanism. According to the security advisory, the attack requires specific conditions to be successful.
For Linux systems, attackers need the target to be using a vulnerable 7-Zip version while extracting an archive format that supports symbolic links, such as ZIP, TAR, 7Z, or RAR files. The exploitation process is more straightforward on Linux environments.
On Windows systems, additional requirements must be met for successful exploitation. The 7-Zip extraction process must have elevated privileges or operate in Windows Developer Mode to create symbolic links. This makes Windows systems somewhat less susceptible but not immune to the attack.
Once these conditions are met, attackers can craft malicious archives containing symbolic links that point to sensitive system files. When extracted, 7-Zip follows these symbolic links, allowing attackers to overwrite critical files such as SSH keys, .bashrc files, or other system configurations.
Despite receiving a CVSS score of 2.7, which categorizes it as low severity, security experts warn that the practical impact could be much more significant. The vulnerability enables attackers to achieve unauthorized access and code execution by targeting sensitive files that control system behavior.
During a single extraction operation, attackers can attempt multiple file overwrites, increasing their chances of compromising the target system.
The vulnerability is particularly concerning because 7-Zip displays file paths before symbolic link resolution, allowing attackers to hide the true destination of their malicious writes.
Mitigations
7-Zip version 25.01, released on August 3, 2025, addresses this vulnerability with enhanced symbolic link handling. The update includes significant security improvements to prevent unsafe symbolic link creation during archive extraction.
The new version introduces a command-line switch (-snld20) that can bypass the default security checks when creating symbolic links, providing administrators with controlled flexibility while maintaining security by default.
Security researchers have emphasized the importance of immediate patching, particularly given 7-Zip’s widespread usage across enterprise and personal computing environments. The vulnerability has been tracked in multiple security databases and has prompted advisories from various cybersecurity organizations.
Mitigation strategies include updating to 7-Zip 25.01 immediately, avoiding extraction of archives from untrusted sources, and implementing sandboxed environments for handling unknown files. Organizations should also audit their systems to ensure all 7-Zip installations are updated, as the software lacks automatic update capabilities.
This incident follows a pattern of recent vulnerabilities in 7-Zip, including CVE-2025-0411 and CVE-2024-11477, demonstrating the continued need for vigilant security practices when handling compressed files from untrusted sources.
Equip your SOC with full access to the latest threat data from ANY.RUN TI Lookup that can Improve incident response -> Get 14-day Free Trial
Source link
