Primary

Context

7-Zip Directory Traversal Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in 7-Zip, specifically in the handling of symbolic links within ZIP files. This flaw allows remote attackers to execute arbitrary code on affected installations by crafting ZIP files that cause the 7-Zip process to traverse to unintended directories. Exploitation of this vulnerability requires user interaction, and the executed code runs in the context of a service account.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

This vulnerability has been fixed in 7-Zip version 25.00.

Added: Nov 19, 2025, 10:19 PM

Updated: Nov 19, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

10.0

exploitability

4.4

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

7-Zip Directory Traversal Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

7-Zip

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating