Hackers Are Exploiting 7-Zip RCE Vulnerability (CVE-2025-11001)

481/68 Friday, November 21, 2025

NHS England Digital has issued an alert regarding a security vulnerability in the 7-Zip file archiving software, identified as CVE-2025-11001 (CVSS 7.0), which is now being actively exploited. The flaw allows attackers to execute arbitrary code remotely (RCE). The 7-Zip development team has already released a fix in version 25.00, published in July 2025.

The vulnerability stems from improper handling of symbolic links within ZIP archives, which allows specially crafted ZIP files to force the application to access directories outside the intended path (directory traversal). This can lead to execution of malicious code under the permissions of the service account. The issue was discovered by Ryota Shiga of GMO Flatt Security Inc., together with the AI-based security analysis system Takumi. Version 25.00 also includes a fix for a related flaw, CVE-2025-11002, caused by the same symbolic link handling issue. Both vulnerabilities have existed since version 21.02.

Although it remains unclear who is exploiting the flaw, the existence of a publicly released Proof-of-Concept (PoC) significantly increases the risk. According to the PoC author, the vulnerability affects Windows systems only, and exploitation requires elevated privileges or a device with Developer Mode enabled. Users are strongly urged to update 7-Zip to the latest version immediately to reduce their risk of compromise.

Source https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html