【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in 7-Zip (CVE-2025-55188). Please promptly verify and apply the necessary fixes.

publish date : 2025-12-29 update date : 2025-12-29

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2025122401121414 Publication Time 2025/12/24 13:39
Incident Type ANA-Vulnerability Alert Discovery Time 2025/12/24 13:39
Impact Level Medium  
[Subject]
【Vulnerability Alert】A High-Risk Security Vulnerability Has Been Identified in 7-Zip (CVE-2025-55188). Please promptly verify and apply the necessary fixes.

[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202512-00000198

Researchers have discovered a Link Following vulnerability (CVE-2025-55188) in 7-Zip. An unauthenticated local attacker can exploit this vulnerability to write arbitrary files.

This vulnerability is currently being actively exploited by attackers. Please promptly verify and apply the necessary fixes.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
7-Zip versions earlier than 25.01 (exclusive)
[Recommended Actions]
Update 7-Zip to version 25.01 or later.
[Reference]
https://nvd.nist.gov/vuln/detail/CVE-2025-55188
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center