Security alert infographic: 7-Zip icon with red symlink arrows leading to code execution icons, malicious ZIP exploding into files; protective shields for updates and antivirus, with "Update Your Software" warning banner over a file extraction interface.

A PoC exploit for CVE-2025-11001 and CVE-2025-11002 in 7-Zip (versions 21.02-24.09) enables attackers to execute arbitrary code remotely through crafted ZIP files. These CVSS 7.0 flaws arise from improper symlink handling on Windows, allowing path traversal that bypasses safety checks and writes files to sensitive locations.

Security alert infographic: 7-Zip icon with red symlink arrows leading to code execution icons, malicious ZIP exploding into files; protective shields for updates and antivirus, with "Update Your Software" warning banner over a file extraction interface.Security alert infographic: 7-Zip icon with red symlink arrows leading to code execution icons, malicious ZIP exploding into files; protective shields for updates and antivirus, with "Update Your Software" warning banner over a file extraction interface.

The exploit uses symlinks to redirect payloads, potentially leading to code execution if users run the extracted files. It requires elevated privileges and is limited to Windows, but poses risks in phishing campaigns for initial access.

Security alert infographic: 7-Zip icon with red symlink arrows leading to code execution icons, malicious ZIP exploding into files; protective shields for updates and antivirus, with "Update Your Software" warning banner over a file extraction interface.Security alert infographic: 7-Zip icon with red symlink arrows leading to code execution icons, malicious ZIP exploding into files; protective shields for updates and antivirus, with "Update Your Software" warning banner over a file extraction interface.

Protect yourself: Update to 7-Zip 25.00, disable symlink support during extraction, and scan archives with antivirus. Monitor for unusual file writes to counter these evolving archive tool threats.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security