Start your free trial today.
Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.
Your Shield Against Threats
Unleash the Power of Cybersecurity
Boost Your Security, Enhance Your Business
We solve Your Cyber Challenges
Quick Links
Resources
Deepaegis Portals
2025 Deepaegis. All Rights Reserved.
7-Zip before version 25.01 does not properly handle symbolic links during extraction.
If exploited, attackers could manipulate symbolic links in archive files so that extracted files overwrite sensitive or critical files outside the intended extraction directory, potentially leading to partial compromise of system integrity.
7-Zip
Affected Version: Before 25.01
Remediation: Upgrade to 7-Zip version 25.01 or later, which addresses this vulnerability.
Fix included in 7-Zip 25.01 release.
Avoid extracting untrusted archive files containing symbolic links until patched version is installed.
Update to 7-Zip v25.01 or later. Only extract archives from trusted sources. Monitor file extraction locations for anomalies.
Check extracted files for unexpected symbolic links pointing outside intended directories.
8/7/2025
8/7/2025
No references provided
No affected organizations specified
This document contains sensitive information. Unauthorized distribution is prohibited.