BeyondMachines :verified:@beyondmachines1@infosec.exchange
Vulnerability in 7-Zip archive software enables arbitrary file write and code execution
A security vulnerability (CVE-2025-55188) in 7-Zip allows attackers to execute arbitrary code and overwrite system files like SSH keys through maliciously crafted archives that exploit unsafe symbolic link handling during extraction. Even though the CVSS score is low and is under debate, it's wise to update.
Unless there is some breaking relationship in your code, update your 7-Zip software to version 25.01 or later. Even though there are prerequisites to this exploit and a debate on the severity, a malicious archive has the risk to harm your system. So better safe than sorry.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerability-in-7-zip-archive-software-enables-arbitrary-file-write-and-code-execution-0-a-d-2-f/gD2P6Ple2L