CVE-2025-55188

LOW

7-Zip <25.01 - Info Disclosure

Title source: llm

Description

7-Zip before 25.01 does not always properly handle symbolic links during extraction.

Exploits (2)

nomisec WORKING POC 33 stars

by hunters-sec · poc

https://github.com/hunters-sec/CVE-2025-55188-7z-exploit

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by lunbun · poc

https://github.com/lunbun/CVE-2025-55188

View Code ZIP pw:eip

References (14)

[Product] https://github.com/ip7z/7zip/compare/25.00...25.01

[Release Notes] https://github.com/ip7z/7zip/releases/tag/25.01

[Exploit] https://github.com/lunbun/CVE-2025-55188/

[Exploit, Third Party Advisory] https://lunbun.dev/blog/cve-2025-55188/

[Product] https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/

[Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2025/08/09/1

[Third Party Advisory] https://www.vicarius.io/vsociety/posts/cve-2025-55188-detect-7-zip-vulnerable-version

[Third Party Advisory] https://www.vicarius.io/vsociety/posts/cve-2025-55188-mitigate-7-zip-vulnerability

[Exploit] https://youtu.be/sWT6M1cfnwM

[Mailing List] http://www.openwall.com/lists/oss-security/2025/08/09/1

[Mailing List] http://www.openwall.com/lists/oss-security/2025/08/10/1

[Mailing List] http://www.openwall.com/lists/oss-security/2025/08/13/1

[Mailing List] http://www.openwall.com/lists/oss-security/2025/10/12/2

[Mailing List] http://www.openwall.com/lists/oss-security/2025/10/16/7

Scores

CVSS v3 3.6

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Details

CWE

CWE-59

Status published

Products (1)

7-zip/7-zip < 25.01

Published Aug 08, 2025

Tracked Since Feb 18, 2026