Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

7-Zip security update for symbolic-link ZIP flaws (CVE-2025-11001, CVE-2025-11002)

Security Patch Release
First reported
Last updated
Happening score
H score 44
2 unique sources, 2 articles

Summary

Hide ▲

7-Zip released version 25.00 in July 2025 to fix CVE-2025-11001 and CVE-2025-11002, two ZIP symbolic-link flaws that could enable remote code execution. The patch matters because the bugs affect archive handling in 7-Zip and were tied to active exploitation of at least one flaw in the wild. Users should treat the update as high priority on Windows systems that process untrusted ZIP files.

Related Happenings

Microsoft Windows 11 mandatory Patch Tuesday updates (KB5089549, KB5087420)

Security Patch Release
First: 12.05.2026 21:09 Last: 12.05.2026 21:09 Sources 1

About this happening: Microsoft released **mandatory Windows 11 cumulative updates** for **KB5089549** and **KB5087420**, delivering the **May 2026 Patch Tuesday** fixes for **120 vulnerabilities** acr...

Open Happening

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
First: 11.05.2026 17:30 Last: 11.05.2026 17:30 Sources 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

Open Happening

Microsoft April 2026 Patch Tuesday security update (165 CVEs)

Security Patch Release
First: 15.04.2026 00:22 Last: 15.04.2026 00:22 Sources 1

About this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...

Open Happening

Windows 11 cumulative updates KB5083769 and KB5082052 (April 2026 Patch Tuesday)

Security Patch Release
First: 14.04.2026 20:46 Last: 14.04.2026 20:46 Sources 1

About this happening: **Microsoft** released mandatory **Windows 11** cumulative updates **KB5083769** and **KB5082052** to fix security vulnerabilities across **25H2, 24H2, and 23H2**. The **April 202...

Open Happening

Progress security patch release for CVE-2026-2699

Security Patch Release
First: 02.04.2026 16:33 Last: 02.04.2026 16:33 Sources 1

About this happening: **Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...

Open Happening

Timeline

  1. 20.11.2025 12:41 1 articles · 6mo ago

    NHS England reports active exploitation of CVE-2025-11001 in 7-Zip

    Exploitation Observed

    NHS England says threat actors are actively exploiting CVE-2025-11001 in vulnerable 7-Zip installations on Windows, where crafted ZIP symbolic links can write files outside the intended extraction folder and in some scenarios enable remote code execution. The agency also says a proof-of-concept exploit is available.

    Show sources
    Open in new tab
  2. 19.11.2025 18:27 1 articles · 6mo ago

    Initial report: 7-Zip security update for symbolic-link ZIP flaws (CVE-2025-11001, CVE-2025-11002)

    Initial Disclosure

    By **July 2025**, **7-Zip 25.00** had become the fix point for two symbolic-link ZIP flaws, including **CVE-2025-11001**. The patch closed a path that could let crafted archives trigger code execution and directory traversal.

    Show sources
    Open in new tab