A newly discovered security flaw, identified as CVE-2025-11001, is targeting users across both public and private sectors. The vulnerability, affecting all versions of 7-Zip before 25.00, allows attackers to execute malicious code remotely, potentially compromising critical systems. NHS Digital issued a cyber alert urging organizations and users to take immediate action.
Details of the CVE-2025-11001 Vulnerability
CVE-2025-11001 is classified as a file-parsing directory traversal remote code execution vulnerability. With a CVSS score of 7.0, the flaw is considered high severity. Exploitation occurs through 7-Zip’s handling of symbolic links during the extraction of archive files.
By crafting malicious archives, attackers can manipulate 7-Zip to write files outside the intended extraction directory. This misbehavior enables the placement of executable files in sensitive system locations, which can then be triggered to execute arbitrary code.
Security researchers have released a proof-of-concept (PoC) exploit demonstrating how CVE-2025-11001 can be leveraged. While the PoC does not constitute a fully weaponized attack, it lowers the barrier for cybercriminals, making unpatched systems increasingly vulnerable.
Impact and Threat Assessment
All 7-Zip versions before 25.00 are at risk, which includes a vast number of enterprise systems, government agencies, and personal computers. The NHS Digital cybersecurity team has classified this issue as Threat ID CC-4719 with medium severity, highlighting the urgent need for patching.
Although initial reports suggested active exploitation in the wild, a subsequent update on November 20, 2025, clarified that no confirmed exploitation of CVE-2025-11001 has been observed by NHS England’s National Cyber Security Operations Centre (CSOC). The National CSOC did confirm the existence of the public PoC exploit and indicated that potential exploitation remains likely in the future if systems are left unpatched.
Given the deployment of 7-Zip across multiple environments, the potential attack surface is significant. A successful attack could allow unauthorized access to sensitive systems and facilitate the deployment of additional malware payloads.
Remediation and Recommendations
In response to CVE-2025-11001, 7-Zip released version 25.00, which addresses the vulnerability and mitigates the risk of remote code execution via malicious archive files. Organizations and individual users are strongly advised to upgrade immediately. Delaying the update leaves systems exposed to potential threats that could be exploited once more attacks emerge.
System administrators should prioritize updating all endpoints and servers running vulnerable 7-Zip versions. Implementing this patch eliminates the directory traversal flaw, effectively neutralizing the possibility of arbitrary code execution through symbolic link abuse.
Conclusion
CVE-2025-11001 is a high-severity 7-Zip vulnerability. While NHS systems haven’t seen confirmed exploitation, the public proof-of-concept raises the risk. Organizations should update to 7-Zip 25.00 or later and report incidents to NHS Digital.
To stay protected from threats like CVE-2025-11001, Cyble provides AI-driven vulnerability intelligence, helping organizations prioritize and patch critical risks before they are exploited. Schedule a personalized demo with Cyble to protect your systems today.
