
Description

7-Zip before 25.01 does not always properly handle symbolic links during extraction.

PUBLISHED Reserved 2025-08-08 | Published 2025-08-08 | Updated 2025-09-08 | Assigner mitre

LOW: 3.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Problem types

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Product status

Default status
unaffected

Any version before 25.01
affected

References

sourceforge.net/...enzip/discussion/45797/thread/da14cd780b/

github.com/ip7z/7zip/releases/tag/25.01

github.com/ip7z/7zip/compare/25.00...25.01

www.openwall.com/lists/oss-security/2025/08/09/1

youtu.be/sWT6M1cfnwM

lunbun.dev/blog/cve-2025-55188/

github.com/lunbun/CVE-2025-55188/

cve.org (CVE-2025-55188)

nvd.nist.gov (CVE-2025-55188)
