CVE-2025-55188 — Link Following in 7-zip

Severity

3.6LOWNVD

EPSS

0.0%

top 88.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 8

Description

7-Zip before 25.01 does not always properly handle symbolic links during extraction.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

▶NVD7-zip/7-zip< 25.01

▶debiandebian/7zip< 7zip 25.01+dfsg-1 (forky)

▶debiandebian/p7zip< 7zip 25.01+dfsg-1 (forky)

▶Debian7-zip/p7zip< 16.02+transitional.1

OSV

CVE-2025-55188: 7-Zip before 25↗2025-08-08

▶

GHSA

GHSA-58pw-r2v4-pwjv: 7-Zip before 25↗2025-08-08

▶

Debian

CVE-2025-55188: 7zip - 7-Zip before 25.01 does not always properly handle symbolic links during extract...↗2025

▶

Wiz

CVE-2025-11002 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶