Hackers Actively Exploiting 7-Zip Symbolic-Link RCE Vulnerability (CVE-2025-11001)
A recently disclosed vulnerability affecting 7-Zip is now under active exploitation, according to an advisory issued Tuesday by NHS England Digital. The flaw, tracked as CVE-2025-11001 (CVSS score: 7.0), enables remote code execution and was addressed in 7-Zip version 25.00, released in July 2025.
Trend Micro’s Zero Day Initiative said the issue stems from improper handling of symbolic links in ZIP files. Crafted ZIP data can trigger directory traversal, allowing attackers to execute code in the context of a service account.
The vulnerability was discovered and reported by Ryota Shiga of GMO Flatt Security Inc., along with the company’s AI-powered AppSec Auditor, Takumi.
