CVE-2025-11002

HIGH

7-Zip - Path Traversal

Title source: llm

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.

Exploits (1)

github WORKING POC 149 stars

by pacbypass · pythonpoc

https://github.com/pacbypass/CVE-2025-11001

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-25-950/

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 31.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-22

Status published

Products (1)

7-zip/7-zip 24.09

Published Jan 23, 2026

Tracked Since Feb 18, 2026