[Vulnerability Alert] 7-Zip has Remote Code Execution Vulnerabilities (CVE-2025-11001 and CVE-2025-11002), Please Confirm and Patch as Soon as Possible

Posted Date: 2025/11/26

Subject: [Vulnerability Alert] 7-Zip has Remote Code Execution Vulnerabilities (CVE-2025-11001 and CVE-2025-11002), Please Confirm and Patch as Soon as Possible

Content:
- 7-Zip compression software was recently revealed to have two high-risk vulnerabilities, CVE-2025-11001 and CVE-2025-11002. Due to improper coding, decompressing malicious ZIP files may trigger the related vulnerabilities and lead to arbitrary code execution (RCE), thereby compromising the system. The vulnerability affects versions prior to 25.00 (exclusive). Users are advised to install the latest version.
Affected Platforms:
- 7-Zip versions prior to 25.00
Recommended Measures:
- Users are advised to update to the latest version on the official website as soon as possible: https://www.7-zip.org/
References:
1. CVE-2025-11001: https://nvd.nist.gov/vuln/detail/CVE-2025-11001
2. https://cybersecuritynews.com/7-zip-vulnerabilities/

Computer and Communications Center
Network Systems Group