Critical 7-Zip Update Required: ZIP Symlink Vulnerabilities Enable Windows Code Execution
Two critical 7-Zip vulnerabilities enable attackers to execute code on Windows systems through malicious ZIP files containing symbolic links. The flaws affect older versions and require immediate updating to version 25.01 or newer for protection.
If you use 7-Zip to handle compressed files, immediate action is required to address two critical security vulnerabilities that could enable code execution on Windows systems. Discovered by Trend Micro’s Zero Day Initiative, these ZIP symlink vulnerabilities (CVE-2025-11001 and CVE-2025-11002) allow attackers to escape folder restrictions during extraction and write malicious files to sensitive system locations. The flaws affect multiple older versions of the popular compression tool and were quietly patched months ago, though many users remain unaware of the critical update requirement.