CVE-2025-11002
Published: 2026-01-23
Priority: P3 · 47 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.52% (40.0th percentile)
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | — | — |
| 7-zip | 7-zip | — | — |
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | 7zip | < 7zip 25.00+dfsg-1 (forky) | 7zip 25.00+dfsg-1 (forky) |
| debian | p7zip | < 7zip 25.00+dfsg-1 (forky) | 7zip 25.00+dfsg-1 (forky) |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v3.0 · 7.0 · HIGH · CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 7.8 · HIGH
vendor_debian · 7.8 · HIGH
OSV
CVE-2025-11002: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
osv·2026-01-23·CVSS 7.8
GHSA
GHSA-6hqx-f664-v9xx: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
ghsa_unreviewed·2026-01-23
CVE-2025-11002 [HIGH] CWE-22 GHSA-6hqx-f664-v9xx: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
Debian
CVE-2025-11002: 7zip - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. ...
vendor_debian·2025·CVSS 7.8
Scope: local
bookworm: open
forky: resolved (fixed in 25.00+dfsg-1)
sid: resolved (fixed in 25.00+dfsg-1)
trixie: resolved (fixed in 25.01+dfsg-1~deb13u1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-11002 retroarch: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fedora-42]
bugzilla·2026-01-26·CVSS 7.8
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently
Qualys
Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option | Qualys
blogs_qualys·2025-12-04·CVSS 7.8
A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an attacker to overwrite system files or execute arbitrary code with the permissions of a service account.
Originally disclosed in October 2025, the vulnerability carries a CVSS v3 score of 7.0 and affects all versions prior to 25.0.0. Exploitation has been observed across multiple sectors, including healthcare and finance. A related issue, CVE-2025-11002, shares the same underlyin
Wiz
CVE-2025-11002 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2025-11002: 7-Zip vulnerability analysis and mitigation
Source: NVD
Score: 7.8
Published: January 23, 2026
Severity: HIGH
CNA Score: 7.0
Affected Technologies: 7-Zip, Linux Debian