How to fix CVE-2025-11002?

Within 24 hours: Inventory all systems running 7-Zip and identify those processing untrusted or externally-sourced files; disable 7-Zip file associations for web downloads where possible. Within 7 days: Implement network controls to restrict 7-Zip usage to trusted sources only; deploy endpoint monitoring for suspicious 7-Zip process behavior; restrict user permissions on affected systems. Within 30 days: Evaluate alternative archive tools; monitor vendor advisories for patch availability and plan immediate deployment upon release; conduct risk assessment of historical file processing.

Is 7 Zip affected by CVE-2025-11002?

A critical remote code execution vulnerability in 7-Zip (CVE-2025-11002) allows attackers to execute arbitrary code through malicious ZIP files, potentially compromising any system where 7-Zip processes untrusted archives.

CVE-2025-11002

HIGH

2026-01-23 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 23, 2026 - 04:16 nvd

HIGH 7.8

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743.

Analysis

Technical Context

Classified as CWE-22 (Path Traversal). Affects the context of a component of 7-Zip. 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can

Affected Products

Vendor: 7-Zip. Product: 7-Zip. Versions: up to 24.09. Component: context of a.

Remediation

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +39

POC: 0

Vendor Status

CVE-2025-11002 vulnerability details – vuln.today

Back

CVE-2025-11002

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-11002

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code