216.73.216.75

CVE-2025-11001

· Published 19/11/2025 22:16 · Modified 24/11/2025 15:07

Labels: CVE-2025-11001 2025-11-19CVE-2025-11001CWE-22[email protected]

Essential information

Published
19/11/2025 22:16
Modified
24/11/2025 15:07
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
7-zip / 7-zip cpe:2.3:a:7-zip:7-zip:24.09:*:*:*:*:*:*:*
microsoft / windows cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*

References