7-Zip Symbolic Link Handling Vulnerability

A vulnerability exists in 7-Zip versions prior to 25.01, where the application does not consistently manage symbolic links correctly during the extraction process. This issue could potentially be exploited to create symbolic links that bypass default security measures.

Impact

Exploitation of this vulnerability could lead to unsafe handling of symbolic links, allowing for the creation of links that bypass security checks.

Reproduction

To reproduce this vulnerability, extract an archive containing symbolic links with a version of 7-Zip prior to 25.01. The symbolic links may not be handled correctly, potentially leading to security risks. Alternatively, the command line switch '-snld20' can be used with 7-Zip 25.01 to bypass the improved security checks for symbolic links, demonstrating how the vulnerability could be exploited.

Remediation

Users can upgrade to 7-Zip version 25.01 or later, where this vulnerability has been addressed.