{“lastseen”:”2025-12-04T16:24:28″,”description”:”A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an attacker to overwrite system files or execute arbitrary code with the permissions of a service account.\\n\\nOriginally disclosed in October 2025, the vulnerability carries a CVSS v3 score of 7.0 and affects all versions prior to 25.0.0. Exploitation has been observed across multiple sectors, including healthcare and finance. A related issue, CVE-2025-11002, shares the same underlying cause and is addressed in the same update.\\n\\nOn November 18, 2025, NHS England Digital issued an advisory confirming active exploitation and urging organizations to update 7-Zip without delay. Unpatched systems remain susceptible to a range of impacts, including ransomware deployment, data theft, or persistent access through malicious ZIP files that may be triggered by simply opening or extracting an archive.\\n\\n## How Qualys Patch Management Helps Proactively respond to such Vulnerabilities \\n\\nManual patching for utility applications, such as 7-Zip, is often delayed, even when the security risk is high. Qualys Patch Management addresses this by enabling automated, prioritized, zero-touch patching, ensuring vulnerable systems are updated well before attackers can exploit them.\\n\\n### Automatic Patching of Applications Like 7-Zip \\n\\nQualys Patch Automation enables Security and IT teams to automatically deploy updates for commonly used products. Because 7-Zip is lightweight and its updates rarely affect workflows, it is well-suited for automated patching with minimal operational risk. In simple terms, it delivers low risk and high impact.\\n\\n_Low Risk Applications for Patch Automation_\\n\\n### Prioritized Remediation Based on Real-Time Risk \\n\\nQualys identifies which systems are running vulnerable 7-Zip versions and applies the patch for CVE-2025-11001 and CVE-2025-11002, delivering an immediate, high-impact reduction in risk. \\n\\n## Conclusion \\n\\nWith active exploitation of CVE-2025-11001 underway, it is important to update 7-Zip to version 25.00 or later, which includes fixes for both symbolic-link vulnerabilities.\\n\\nIntegrating Qualys Patch Management ensures updates are applied automatically and consistently, reducing your attack surface while keeping daily operations uninterrupted.\\n\\n* * *\\n\\n**Discover a smarter, automated approach to securing everyday software with Qualys Patch Automation.**\\n\\nStart Free Trial\\n\\n* * *”,”published”:”2025-12-04T15:25:10″,”modified”:”2025-12-04T15:25:10″,”type”:”qualysblog”,”title”:”Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option”,”source”:””,”references”:””,”id”:”QUALYSBLOG:7FBEEEB24579FDCE0A0B13D5EFCEF45F”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-11001″,”CVE-2025-11002″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”baseScore”:7,”baseSeverity”:”HIGH”,”attackVector”:”LOCAL”,”attackComplexity”:”HIGH”,”privilegesRequired”:”NONE”,”userInteraction”:”REQUIRED”,”scope”:”UNCHANGED”,”confidentialityImpact”:”HIGH”,”integrityImpact”:”HIGH”,”availabilityImpact”:”HIGH”}},”href”:”https:\/\/blog.qualys.com\/category\/product-tech”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-04T16:24:28″,”description”:”A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,28,12,15,13,120,7,11,5],"class_list":["post-28642","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n