Yanuki


7-Zip RCE Vulnerability (CVE-2025-11001) Under Active Exploitation

A remote code execution (RCE) vulnerability in 7-Zip, identified as CVE-2025-11001, is actively being exploited in the wild. This flaw allows attackers to execute arbitrary code on affected systems. It is crucial to update 7-Zip to version...

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

(Image via The Hacker News)

Key Insights

  • CVE-2025-11001 is a remote code execution vulnerability affecting 7-Zip.
  • Active exploitation of this flaw has been observed.
  • The vulnerability stems from improper handling of symbolic links in ZIP files.
  • Successful exploitation allows attackers to execute code within the context of a service account.
  • 7-Zip version 25.00 addresses this vulnerability.
  • Proof-of-concept (PoC) exploits are publicly available, increasing the urgency to patch.

In-Depth Analysis

The vulnerability, CVE-2025-11001, arises from the way 7-Zip handles symbolic links stored in ZIP archives. A crafted archive can carry a symbolic-link entry whose target points outside the chosen extraction directory; entries extracted through that link are then written to locations the user never selected. Planting a file in such a location is how the directory traversal is turned into code execution.

Specifically, the flaw exists in versions 21.02 through 24.x. Version 25.00, released in July 2025, contains the fix. The discovery was credited to Ryota Shiga of GMO Flatt Security Inc. and their AI-powered AppSec Auditor, Takumi.

Security researcher Dominik (aka pacbypass) noted that exploitation is specific to Windows and is limited to elevated user or service accounts, or to machines with Developer Mode enabled. This matches how Windows handles symbolic links: creating one requires the SeCreateSymbolicLinkPrivilege (held by administrators by default) or Developer Mode, which lets standard users create symbolic links; without either, 7-Zip running as a standard user cannot create the link and the traversal fails.

To protect against this vulnerability, users should:

  1. Immediately update 7-Zip to version 25.00 or later.
  2. Exercise caution when opening ZIP files from untrusted sources.
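A practical way to act on the second point is to triage an untrusted ZIP before handing it to 7-Zip: list its entries, find any that are symbolic links (in the ZIP format, Unix zip tools store the file mode in the high 16 bits of the central-directory "external attributes" field), and flag links whose targets leave the extraction root, plus any later entries whose paths pass through such a link. The following Python script is an added example written for this article; it is not code from the original article, from 7-Zip, or from the researchers credited above. The archive it inspects is constructed in memory as sample data, and the function names are illustrative.

```python
"""Triage check for ZIP archives that use symbolic links to escape the
extraction directory (the pattern described for CVE-2025-11001).

Added example, not code from the article, from 7-Zip, or from the credited
researchers.  The sample archive below is constructed, not a captured exploit.
"""
from __future__ import annotations

import io
import posixpath
import stat
import zipfile


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Unix file mode lives in the high 16 bits of the external attributes."""
    return (info.external_attr >> 16) & 0xFFFF


def is_symlink(info: zipfile.ZipInfo) -> bool:
    return stat.S_ISLNK(unix_mode(info))


def escapes_root(path: str) -> bool:
    """True if a path is absolute or, once normalized, climbs above the
    extraction root (e.g. '../../x')."""
    if path.startswith(("/", "\\")) or (len(path) > 1 and path[1] == ":"):
        return True
    norm = posixpath.normpath(path.replace("\\", "/"))
    return norm == ".." or norm.startswith("../")


def find_symlink_escapes(zip_bytes: bytes) -> list[str]:
    """Return findings for symlink entries whose targets leave the extraction
    root, for entries written through such a link, and for plain traversal."""
    findings: list[str] = []
    bad_links: dict[str, str] = {}  # archive path of symlink -> link target
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if is_symlink(info):
                # For a symlink entry the "file contents" are the link target.
                target = zf.read(info).decode("utf-8", "replace")
                # Resolve the target relative to the directory holding the link.
                link_dir = posixpath.dirname(name.rstrip("/"))
                resolved = target if escapes_root(target) else posixpath.join(link_dir, target)
                if escapes_root(resolved):
                    bad_links[name.rstrip("/")] = target
                    findings.append(f"symlink {name!r} -> {target!r} escapes extraction root")
                continue
            # A later entry placed under an escaping symlink is written outside
            # the extraction directory once the link exists on disk.
            for link in bad_links:
                if name.startswith(link + "/"):
                    findings.append(f"entry {name!r} is written through symlink {link!r}")
            if escapes_root(name):
                findings.append(f"entry {name!r} uses path traversal")
    return findings


def build_constructed_sample() -> bytes:
    """Constructed malicious archive (sample data): a symlink entry pointing
    outside the extraction directory, followed by a file written through it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        link = zipfile.ZipInfo("out")
        link.create_system = 3  # Unix, so the mode bits are meaningful
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../escape_dir")      # link target is the content
        zf.writestr("out/planted.txt", "payload placeholder")
        zf.writestr("benign/readme.txt", "harmless")
    return buf.getvalue()


def build_benign_sample() -> bytes:
    """Constructed archive with ordinary entries only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/a.txt", "a")
        zf.writestr("docs/b.txt", "b")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("malicious", build_constructed_sample()),
                        ("benign", build_benign_sample())):
        results = find_symlink_escapes(data)
        print(f"{label}: {len(results)} finding(s)")
        for line in results:
            print("  " + line)
```

Run it on a saved archive by replacing the constructed bytes with the file's contents. Note that this is a pre-extraction check only: Python's own `zipfile` never creates symbolic links on extraction (it writes the target string as a regular file), so the script cannot reproduce the 7-Zip behaviour, it only spots archives that rely on it. Archives produced by tools that do not set Unix mode bits will show no symlink entries; the plain path-traversal check still applies to them.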

This vulnerability highlights the importance of keeping software up-to-date and being wary of potentially malicious files. Understanding the attack vector and necessary precautions can help users stay secure.


FAQ

What is CVE-2025-11001?

It is a remote code execution vulnerability in 7-Zip related to symbolic link handling.

Which versions of 7-Zip are affected?

Versions 21.02 through 24.x are affected.

How can I fix this vulnerability?

Update to 7-Zip version 25.00 or later.

Is this vulnerability being actively exploited?

Yes, active exploitation has been observed in the wild.

On which operating systems can this vulnerability be exploited?

Exploitation is specific to Windows, and even there it requires an account that can create symbolic links: an elevated user or service account, or a machine with Developer Mode enabled.

Takeaways

  • **Update Immediately:** Upgrade your 7-Zip installation to version 25.00 or later.
  • **Be Cautious:** Exercise caution when opening ZIP files, especially from untrusted sources.

Discussion

Do you think the widespread use of 7-Zip makes this vulnerability particularly dangerous? Share your thoughts in the comments below!


Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.

All content is provided for general informational purposes only and does not constitute financial, legal, or professional advice. Yanuki makes no representations or warranties regarding the reliability or completeness of the information.

This article may include links to external sources for further context. These links are provided for convenience only and do not imply endorsement.

Always do your own research (DYOR) before making any decisions based on the information presented.