CVE-2025-55188

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-55188
7-Zip before 25.01 does not always properly handle symbolic links during extraction.

3.6 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/ip7z/7zip/compare/25.00...25.01 Product
https://github.com/ip7z/7zip/releases/tag/25.01 Release Notes
https://github.com/lunbun/CVE-2025-55188/ Exploit
https://lunbun.dev/blog/cve-2025-55188/ Exploit Third Party Advisory
https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/ Product
https://www.openwall.com/lists/oss-security/2025/08/09/1 Mailing List Third Party Advisory
https://www.vicarius.io/vsociety/posts/cve-2025-55188-detect-7-zip-vulnerable-version
https://www.vicarius.io/vsociety/posts/cve-2025-55188-mitigate-7-zip-vulnerability
https://youtu.be/sWT6M1cfnwM Exploit
Configurations

Configuration 1 (hide)

cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*
History

10 Oct 2025, 15:16

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/cve-2025-55188-detect-7-zip-vulnerable-version -
  • () https://www.vicarius.io/vsociety/posts/cve-2025-55188-mitigate-7-zip-vulnerability -

29 Sep 2025, 22:59

Type Values Removed Values Added
References () https://github.com/lunbun/CVE-2025-55188/ - () https://github.com/lunbun/CVE-2025-55188/ - Exploit
References () https://lunbun.dev/blog/cve-2025-55188/ - () https://lunbun.dev/blog/cve-2025-55188/ - Exploit, Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2025/08/09/1 - () https://www.openwall.com/lists/oss-security/2025/08/09/1 - Mailing List, Third Party Advisory
References () https://youtu.be/sWT6M1cfnwM - () https://youtu.be/sWT6M1cfnwM - Exploit

08 Sep 2025, 07:15

Type Values Removed Values Added
References
  • () https://github.com/lunbun/CVE-2025-55188/ -

18 Aug 2025, 17:15

Type Values Removed Values Added
References
  • () https://lunbun.dev/blog/cve-2025-55188/ -

18 Aug 2025, 04:15

Type Values Removed Values Added
References
  • () https://www.openwall.com/lists/oss-security/2025/08/09/1 -
  • () https://youtu.be/sWT6M1cfnwM -

14 Aug 2025, 17:28

Type Values Removed Values Added
CPE cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*
First Time 7-zip
7-zip 7-zip
References () https://github.com/ip7z/7zip/compare/25.00...25.01 - () https://github.com/ip7z/7zip/compare/25.00...25.01 - Product
References () https://github.com/ip7z/7zip/releases/tag/25.01 - () https://github.com/ip7z/7zip/releases/tag/25.01 - Release Notes
References () https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/ - () https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/ - Product

11 Aug 2025, 18:32

Type Values Removed Values Added
Summary
  • (es) 7-Zip anterior a 25.01 no siempre maneja correctamente los enlaces simbólicos durante la extracción.

10 Aug 2025, 01:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 2.7 		v2 : unknown
v3 : 3.6

08 Aug 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-08 21:15

Updated : 2025-10-10 15:16

NVD link : CVE-2025-55188

Mitre link : CVE-2025-55188

CVE.ORG link : CVE-2025-55188

JSON object : View

Products Affected

7-zip

  • 7-zip
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')