A critical remote code execution (RCE) vulnerability in the popular 7-Zip file archiver is being actively exploited by threat actors. The vulnerability, tracked as CVE-2025-11001, stems from a flaw in how the software handles symbolic links within archived files.

Security researchers have confirmed that attackers are leveraging this vulnerability in real-world attacks. Successful exploitation allows an attacker to execute arbitrary code on a victim’s system by tricking them into extracting a specially crafted archive file.

Vulnerability Details: CVE-2025-11001

The core of CVE-2025-11001 is a symbolic link-based issue. When a user extracts a malicious archive containing a specific type of symbolic link, the vulnerability can be triggered. This allows a file to be written to an arbitrary location on the file system, which can then lead to code execution. The flaw affects unpatched versions of the 7-Zip software, putting a large number of users at risk due to the utility’s widespread use.

Immediate Patching Required

In response to the discovery and active exploitation, the developers of 7-Zip have released a security update that addresses the vulnerability. All users and system administrators are urged to update their 7-Zip installations to the latest version immediately to mitigate the threat posed by these ongoing attacks. The active exploitation in the wild elevates the urgency of applying the available patch to prevent system compromise.

Source: https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html