Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-11001

Опубликовано: 19 нояб. 2025
Источник: nvd
CVSS3: 7
CVSS3: 7.8
EPSS Низкий

Описание

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:7-zip:7-zip:24.09:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*

EPSS

Процентиль: 58%
0.00375
Низкий

7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2025-11001

CVSS3: 7.8
ubuntu
11 дней назад

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

debian логотип

CVE-2025-11001

CVSS3: 7.8
debian
11 дней назад

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulne ...

github логотип

GHSA-h6cw-8q9x-9gj9

CVSS3: 7
github
11 дней назад

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

fstec логотип

BDU:2025-12910

CVSS3: 7
fstec
около 2 месяцев назад

Уязвимость файлового архиватора 7-Zip, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20251110-02

redos
21 день назад

Уязвимость 7zip

EPSS

Процентиль: 58%
0.00375
Низкий

7 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-22