7-Zip symbolic-link RCE (CVE-2025-11001, actively exploited)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-11001 in 7-Zip is being actively exploited in the wild, creating remote code execution risk for Windows systems. The flaw abuses symbolic-link handling in ZIP files and can run attacker code in an elevated user or service account context. A fix is available in 7-Zip 25.00, and proof-of-concept exploit code has already been published.
Related Happenings
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
WinRAR path-traversal exploitation wave (CVE-2025-8088)
Exploitation Wave
First: 27.01.2026 21:38
Last: 27.01.2026 21:38
Sources 1
About this happening:
**CVE-2025-8088** in **WinRAR** remains part of an **ongoing exploitation wave**, with **multiple threat groups** using the flaw for **initial access** and payload delivery. The a...
WinRAR path-traversal exploitation wave (CVE-2025-8088)
Exploitation WaveAbout this happening: **CVE-2025-8088** in **WinRAR** remains part of an **ongoing exploitation wave**, with **multiple threat groups** using the flaw for **initial access** and payload delivery. The a...
Fortra GoAnywhere MFT CVE-2025-10035 active exploitation wave
Exploitation Wave
First: 07.10.2025 11:45
Last: 07.10.2025 11:45
Sources 1
About this happening:
**CVE-2025-10035** in **Fortra GoAnywhere Managed File Transfer (MFT)** is being **actively exploited** in **ransomware attacks** against systems with the **admin console exposed...
Fortra GoAnywhere MFT CVE-2025-10035 active exploitation wave
Exploitation WaveAbout this happening: **CVE-2025-10035** in **Fortra GoAnywhere Managed File Transfer (MFT)** is being **actively exploited** in **ransomware attacks** against systems with the **admin console exposed...
Timeline
-
19.11.2025 18:27 2 articles · 6mo ago
NHS England Digital warns of active 7-Zip exploitation
Initial DisclosureNHS England Digital warned that CVE-2025-11001 in 7-Zip is being actively exploited in the wild on Windows, where crafted ZIP files abusing symbolic-link handling can traverse to unintended directories and execute code in the context of an elevated user or service account. The flaw was addressed in 7-Zip version 25.00 released in July 2025, and Ryota Shiga of GMO Flatt Security Inc., together with Takumi, was credited with discovering and reporting the vulnerability.
Show sources
- Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) — thehackernews.com — 19.11.2025 18:27
- Recent 7-Zip Vulnerability Exploited in Attacks — www.securityweek.com — 20.11.2025 12:41