7-Zip Flaw Enables Arbitrary Code Run

August 12, 2025

The vulnerability, identified as CVE-2025-55188, is an arbitrary file write flaw present in 7-Zip versions before 25.01. This security issue is rooted in how the software handles symbolic links during the extraction process. An attacker can create a maliciously crafted archive containing symbolic links that point to sensitive system files. When a user extracts this archive, 7-Zip follows these links and overwrites the files they point to instead of keeping its writes inside the designated extraction directory. This can be exploited to achieve unauthorized access or code execution by corrupting critical system files.

Exploitation on Different Operating Systems

The exploitation of this vulnerability is slightly different depending on the operating system. On Linux, the process is more straightforward; an attacker needs the target to be using a vulnerable version of 7-Zip to extract a malicious archive containing symbolic links. On Windows, however, the attack requires additional conditions. For the symbolic links to be created, the 7-Zip extraction process must be running with elevated privileges or in Windows Developer Mode. This makes Windows systems less susceptible but not entirely immune to the attack. The ability to overwrite files like SSH keys or .bashrc files on Linux makes the vulnerability particularly dangerous in a server environment.

Severity and Practical Impact

Despite being assigned a low-severity CVSS score of 2.7, security experts are warning that the practical impact of this vulnerability is much greater. The ability to perform arbitrary file writes can lead to significant compromise of a system, as attackers can overwrite critical files that control system behavior. The attack is made more insidious by 7-Zip’s behavior of displaying the file path before symbolic link resolution. This allows attackers to hide the true destination of their malicious writes from the user. Attackers can also attempt multiple file overwrites during a single extraction, increasing their chances of a successful compromise.

Mitigation and Patching

The only definitive solution to this vulnerability is to update to 7-Zip version 25.01, which was released on August 3, 2025. This new version includes enhanced symbolic link handling and significant security improvements to prevent this type of attack. It also introduces a new command-line switch, -snld20, which can bypass default security checks for administrators who need controlled flexibility. Given 7-Zip’s widespread use, immediate patching is highly recommended for both personal and enterprise systems.

Recommended Security Practices

In addition to updating to the latest version of 7-Zip, several other mitigation strategies are recommended. Users and organizations should avoid extracting archives from untrusted sources. Implementing sandboxed environments for handling unknown files can also provide an additional layer of security. Since 7-Zip lacks an automatic update feature, organizations should also audit their systems to ensure all installations are patched. This vulnerability is the latest in a series of recent security issues found in 7-Zip, highlighting the ongoing need for vigilance and robust security practices when dealing with compressed files.
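A pre-extraction check that fits the practices above, given here as an added example (it is not 7-Zip's code or its fix): it reads a tar archive's entry list without extracting anything and flags symbolic links whose target leaves the extraction directory, along with entries that would be written through a link supplied by the archive. The function names and the sample archive are constructed for illustration, and the check is purely lexical and covers tar only.

```python
import io
import posixpath
import tarfile


def _escapes(path):  # True if a normalized path is absolute or climbs above the root
    return path.startswith("/") or path == ".." or path.startswith("../")


def audit_tar_links(fileobj):
    """Return (entry_name, reason) findings for a tar archive without extracting it."""
    findings, links = [], {}  # links: symlink entry path -> its target
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            if _escapes(name):
                findings.append((member.name, "entry path escapes extraction root"))
                continue
            # Conservative: any entry below an archive-supplied link is written through it.
            parts = name.split("/")
            for parent in ("/".join(parts[:i]) for i in range(1, len(parts))):
                if parent in links:
                    findings.append((member.name, f"written through link {parent} -> {links[parent]}"))
                    break
            if member.issym():
                links[name] = member.linkname
                # A relative target resolves against the link's own directory.
                resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), member.linkname))
                if _escapes(resolved):
                    findings.append((member.name, f"link target outside root: {member.linkname}"))
    return findings


def build_sample_archive():
    """Constructed sample: a file, an in-tree link, an escaping link, an entry under that link."""
    entries = [("docs/readme.txt", b"hello\n", None), ("docs/latest", b"", "readme.txt"),
               ("cfg", b"", "../outside-placeholder"), ("cfg/settings.txt", b"constructed\n", None)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data, link in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            if link:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    print(audit_tar_links(build_sample_archive()))
```

The in-tree link `docs/latest` produces no finding, while `cfg` and the entry beneath it are both reported, which is the resolved destination that the displayed path alone does not reveal.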
