Cybersecurity researchers have reported active exploitation of a critical vulnerability in 7-Zip, the popular file compression software used by millions worldwide.
The flaw, tracked as CVE-2025-11001, poses serious risks as attackers are leveraging it to execute malicious code remotely on vulnerable systems.
Vulnerability Details
| CVE ID | Vulnerability Type | CVSS Score | Affected Product |
|---|---|---|---|
| CVE-2025-11001 | File Parsing Directory Traversal Remote Code Execution | 7.0 (High) | 7-Zip (All versions prior to 25.00) |
The vulnerability has been assigned a CVSS score of 7.0, indicating a high-severity threat.
NHS Digital issued a cyber alert on November 18, 2025, warning organizations about the active exploitation and urging immediate action.
CVE-2025-11001 is a file-parsing directory-traversal vulnerability that enables remote code execution.
Attackers exploit flaws in 7-Zip’s handling of symbolic links during file extraction. By crafting malicious archive files, threat actors can force the software to write files outside the intended extraction directory.
This behavior allows attackers to place executable files in critical system locations, potentially leading to arbitrary code execution when those files are accessed or run.
Security researchers have publicly released a proof-of-concept exploit demonstrating how this vulnerability can be weaponized.
The availability of this PoC significantly increases the risk, as it lowers the barrier for cybercriminals to launch attacks against unpatched systems.
The vulnerability affects all 7-Zip versions before 25.00, putting countless organizations and individual users at risk. Active exploitation has already been observed in the wild, according to threat intelligence reports.
The NHS Digital cybersecurity team has classified this as threat ID CC-4719 with medium severity, emphasizing the urgency for organizations to patch immediately.
Given 7-Zip’s widespread use across enterprise environments, government agencies, and personal computers, the attack surface is considerable.
Attackers targeting this vulnerability can gain unauthorized access to sensitive systems and deploy additional malware payloads.
Organizations and users must immediately update 7-Zip to version 25.00 or later. The latest version patches CVE-2025-11001 and protects against this exploitation method.
System administrators should prioritize this update across all endpoints and servers running vulnerable versions.
Delaying updates leaves systems exposed to active threats that cybercriminals are already exploiting.
Implementing the patch eliminates the vulnerability and prevents potential remote code execution attacks through malicious archive files.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.