CVE-2025-55188
published 2025-08-08

CVE-2025-55188: 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

Priority: P4 · 15 · low
CVSS 3.1: 3.6 (AV:L / AC:L / PR:N / UI:R / S:C / C:N / I:L / A:N)
EPSS: 0.69% (48.1th percentile)

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | < 25.01 | 25.01 |
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | 7zip | < 7zip 25.01+dfsg-1 (forky) | 7zip 25.01+dfsg-1 (forky) |
| debian | p7zip | < 7zip 25.01+dfsg-1 (forky) | 7zip 25.01+dfsg-1 (forky) |

CVSS provenance

nvd: v3.1, 3.6 LOW, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
osv: 3.6 LOW
vendor_debian: 3.6 LOW