Proof-of-Concept Exploit Reported for CVE-2025-11001 in 7-Zip
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code
Summary
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code
Threat details
Proof-of-concept exploit available for CVE-2025-11001
A security researcher has publicly released a proof-of-concept (PoC) exploit for CVE-2025-11001. The PoC allows attackers to abuse symbolic-link handling to write files outside of the intended extraction folder, which in some scenarios, can enable arbitrary code execution. The NHS England National CSOC assess future exploitation as likely.
Introduction
7-Zip have released a new version that addresses the vulnerability CVE-2025-11001.
CVE-2025-11001 - a File Parsing Directory Traversal Remote Code Execution Vulnerability - CVSSv3 score: 7.0
Threat updates
| Date | Update |
|---|---|
| 20 Nov 2025 |
Removed erroneous references to active exploitation.
The NHS England National CSOC has not observed exploitation of CVE-2025-11001 in the wild, and have removed references to exploitation that were included in error. The National CSOC is aware of a public proof-of-concept exploit. The following sections have been updated to reflect this change:
|
Remediation advice
Affected organisations are encouraged to update 7-Zip to version 25.00 or later as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 20 November 2025 3:25 pm