【Vulnerability Alert】Remote code execution vulnerabilities (CVE-2025-11001 and CVE-2025-11002) have been identified in 7-Zip. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-11-28 update date : 2025-11-28

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025112502115757 Publication Time 2025/11/25 14:24
Incident Type ANA-Vulnerability Alert Discovery Time 2025/11/25 14:24
Impact Level Medium  
[Subject]
【Vulnerability Alert】Remote code execution vulnerabilities (CVE-2025-11001 and CVE-2025-11002) have been identified in 7-Zip. Please verify and apply the necessary patches as soon as possible.
[Content]
Two high-risk vulnerabilities, CVE-2025-11001 and CVE-2025-11002, were recently disclosed in the 7-Zip compression software. Due to improper programming, extracting a malicious ZIP file may trigger these vulnerabilities and allow arbitrary code execution (RCE), resulting in potential system compromise. These vulnerabilities affect versions prior to 25.00 (exclusive). Users are advised to update to the latest version.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
7-Zip versions prior to 25.00
[Recommended Actions]
Users are advised to promptly update to the latest version from the official website: https://www.7-zip.org/

[Reference]
1. CVE-2025-11001: https://nvd.nist.gov/vuln/detail/CVE-2025-11001

2. https://cybersecuritynews.com/7-zip-vulnerabilities/

3. https://www.ithome.com.tw/news/172366/
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center