PT-2025-32410 · Igor Pavlov +3 · 7-Zip +3

Lunbun

Published

2025-08-03

Updated

2025-09-15

CVE-2025-55188

CVSS v3.1

3.6

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

**Name of the Vulnerable Software and Affected Versions:**

7-Zip versions prior to 25.01

**Description:**

7-Zip does not consistently handle symbolic links correctly during file extraction. This issue allows a crafted archive to overwrite files on the system, potentially leading to code execution. A public exploit is available for this vulnerability.

**Recommendations:**

Update to version 25.01 or later to address this issue.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2025-09673

CVE-2025-55188

Affected Products

7-Zip

Astra Linux

Debian

Red Os

PT-2025-32410 · Igor Pavlov +3 · 7-Zip +3

Weakness Enumeration

Related Identifiers

Affected Products

References · 48