Two newly disclosed vulnerabilities in 7-Zip could allow attackers to execute arbitrary code by tricking users into opening a malicious ZIP archive. The issues, data-analytics-id=”inline-link” href=”https://www.zerodayinitiative.com/advisories/ZDI-25-949/” data-url=”https://www.zerodayinitiative.com/advisories/ZDI-25-949/” target=”_blank” referrerpolicy=”no-referrer-when-downgrade” data-hl-processed=”none”>reported October 7 by Trend Micro’s Zero Day Initiative (ZDI), affect multiple builds of the popular open-source compression tool and were quietly fixed in July.

Tracked as CVE-2025-11001 and CVE-2025-11002, the flaws stem from how 7-Zip parses symbolic links within ZIP files. In essence, a crafted archive can escape its intended extraction…

Two newly disclosed vulnerabilities in 7-Zip could allow attackers to execute arbitrary code by tricking users into opening a malicious ZIP archive. The issues, data-analytics-id=”inline-link” href=”https://www.zerodayinitiative.com/advisories/ZDI-25-949/” data-url=”https://www.zerodayinitiative.com/advisories/ZDI-25-949/” target=”_blank” referrerpolicy=”no-referrer-when-downgrade” data-hl-processed=”none”>reported October 7 by Trend Micro’s Zero Day Initiative (ZDI), affect multiple builds of the popular open-source compression tool and were quietly fixed in July.

Tracked as CVE-2025-11001 and CVE-2025-11002, the flaws stem from how 7-Zip parses symbolic links within ZIP files. In essence, a crafted archive can escape its intended extraction…