CVE-2025-55188
LOW EPSS 48.1%
Published Aug 8, 202510mo ago ยท Modified Jun 17, 20261w ago
3.6 CVSS 3.1
Published Aug 8, 2025 10mo ago
Last Modified Jun 17, 2026 1w ago
Description
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
48.1% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-59
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| 7-zip | 7-zip | * | <25.01 |
References 14
- openwall.com http://www.openwall.com/lists/oss-security/2025/08/09/1
- openwall.com http://www.openwall.com/lists/oss-security/2025/08/10/1
- openwall.com http://www.openwall.com/lists/oss-security/2025/08/13/1
- openwall.com http://www.openwall.com/lists/oss-security/2025/10/12/2
- openwall.com http://www.openwall.com/lists/oss-security/2025/10/16/7
- github.com https://github.com/ip7z/7zip/compare/25.00...25.01
- github.com https://github.com/ip7z/7zip/releases/tag/25.01
- github.com https://github.com/lunbun/CVE-2025-55188/
- lunbun.dev https://lunbun.dev/blog/cve-2025-55188/
- sourceforge.net https://sourceforge.net/p/sevenzip/discussion/45797/thread/da14cd780b/
- openwall.com https://www.openwall.com/lists/oss-security/2025/08/09/1
- vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-55188-detect-7-zip-vulnerable-version
- vicarius.io https://www.vicarius.io/vsociety/posts/cve-2025-55188-mitigate-7-zip-vulnerability
- youtu.be https://youtu.be/sWT6M1cfnwM
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.