7-Zip flaw exploited for remote code execution.

NHS England warns that attackers are exploiting CVE-2025-11001, a recently patched 7-Zip vulnerability allowing remote code execution. The flaw stems from symbolic link handling in ZIP files, enabling crafted data to escape intended directories. Exploitation has been observed in the wild, with proof-of-concept code available, and primarily affects Windows systems running older 7-Zip versions with administrative privileges. Users are urged to update to version 25.00, which fixes this and a related vulnerability.

Read more:

https://www.securityweek.com/recent-7-zip-vulnerability-exploited-in-attacks/