7-Zip: tidy little utility, messy little bug.

A 7-Zip flaw (CVE-2025-11001) involving symbolic links has drawn urgent warnings. The Hacker News reports on advisories stating that the bug is being exploited; the fix is in 7-Zip 25.00. Admins should upgrade and be cautious when opening archives from untrusted sources. (Note: subsequent NHS updates clarified that they had seen PoC availability and retracted an earlier “active exploitation” claim, underscoring mixed reporting; patch regardless.)

The trusty file archiver 7-Zip had a bad week. A vulnerability (CVE-2025-11001) involving symbolic links can enable remote code execution when 7-Zip handles a crafted archive. The fix landed in version 25.00, so if you’re still on a vintage build, it’s time for a spring clean, even in November.

Early notes suggested active exploitation; later updates from NHS England pointed to public PoCs but walked back the claim of confirmed in-the-wild attacks. Either way, the defensive move is the same: upgrade and treat unknown ZIPs as radioactive.

Action checklist:
• Roll out 7-Zip 25.00 or newer.
• Block or warn on archives from the internet zone; detonate in a sandbox if unsure.
• Apply application control so only approved archivers run.
• Train users: don’t extract unknown ZIPs, and definitely not directly onto file servers.

Utilities we use daily can become the perfect delivery vehicle for nasties. Keep them current, and keep curiosity in a VM.
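
To illustrate the "block or warn" checklist item, here is an added example (not code from 7-Zip or from any advisory) that triages a ZIP before anything is extracted: it lists symbolic-link entries and flags any whose target is absolute or resolves above the extraction root. Assumptions: the function names and the allow/review/quarantine policy are hypothetical, only ZIP files carrying Unix mode bits are covered, and this is a general symlink hygiene check rather than a detector for CVE-2025-11001 itself.

```python
import io
import posixpath
import stat
import zipfile

def escapes_root(name: str, target: str) -> bool:
    """True if the link target is absolute or resolves above the extraction root."""
    t = target.replace("\\", "/")
    if t.startswith("/") or (len(t) > 1 and t[1] == ":"):  # POSIX or drive-letter path
        return True
    resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), t))
    return resolved == ".." or resolved.startswith("../")

def symlink_entries(data: bytes):
    """Return (name, target, escapes_root) for every symlink entry in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Unix-made ZIPs keep the file mode in the high 16 bits of external_attr.
            if not stat.S_ISLNK(info.external_attr >> 16):
                continue
            # A symlink entry stores its target path as the entry's data.
            target = zf.read(info).decode("utf-8", "replace")
            findings.append((info.filename, target, escapes_root(info.filename, target)))
    return findings

def triage(data: bytes) -> str:
    """Hypothetical policy: escaping link -> quarantine, any link -> review."""
    links = symlink_entries(data)
    if any(escapes for _, _, escapes in links):
        return "quarantine"
    return "review" if links else "allow"

def build_sample(entries):
    """Constructed test input: entries is a list of (name, content, is_symlink)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content, is_link in entries:
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # Unix, so the mode bits are meaningful
            kind = stat.S_IFLNK if is_link else stat.S_IFREG
            info.external_attr = (kind | 0o644) << 16
            zf.writestr(info, content)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample([("readme.txt", "hi", False), ("docs/link", "../../outside", True)])
    print(triage(sample), symlink_entries(sample))
```

Run it at the mail or download gateway, or inside the sandbox, and never on a file server; archives in other formats still need the sandbox route from the checklist.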