Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update

A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.

A vulnerability has been found in the very popular, free file-compressing tool 7-Zip. The flaw, tracked as CVE-2025-11001, has a public exploit, leading to a high-risk warning from the UK’s NHS England Digital.

While the NHS confirmed active exploitation has not been observed in the wild, the public PoC means the risk of future attacks is extremely high. The vulnerability was discovered by Ryota Shiga of GMO Flatt Security Inc., with help from their AI tool AppSec Auditor Takumi.

What’s the Problem?

The issue is related to how older 7-Zip versions handle symbolic links inside ZIP files (a symbolic link is a shortcut to another file or folder). As explained by Trend Micro’s Zero Day Initiative (ZDI), which first ...