CVE-2025-55188

CVSS v3.1

3.6

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

7-Zip and Affected Versions 7-Zip versions prior to 25.01

Description 7-Zip versions before 25.01 do not consistently handle symbolic links correctly during file extraction. This can allow an attacker to perform arbitrary file writes through a crafted archive, potentially leading to code execution. A publicly available exploit exists for this issue. The vulnerability stems from improper handling of symbolic links before accessing files, allowing an attacker to bypass security restrictions.

Recommendations Update 7-Zip to version 25.01 or later.

Exploit

Fix

RCE

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2025-09673

CVE-2025-55188

Affected Products

7-Zip

Astra Linux

Debian

Red Os

CVE-2025-55188

Weakness Enumeration

Related Identifiers

Affected Products

References · 62