Share
## https://sploitus.com/exploit?id=ECFA39C2-1EC1-59A8-9C07-331C009FE2BC
# CVE-2025-11001 - 7-Zip **High-severity symlink traversal in 7-Zip** allowing arbitrary file write / RCE
> **Patched in 7-Zip 25.00 (July 2025)** โ Public exploit available
> **FOR AUTHORIZED SECURITY TESTING AND RESEARCH ONLY**
  -critical)
## Vulnerability Summary
- **CVE**: [CVE-2025-11001](https://nvd.nist.gov/vuln/detail/CVE-2025-11001)
- **CVSS v3.1**: **7.0 (High)** โ `AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`
- **Affected**: All 7-Zip versions **< 25.00** (Windows)
- **Fixed in**: 7-Zip **25.00** and later
- **Discovery**: Ryota Shiga (Flatt Security) via ZDI (ZDI-25-949)
- **Exploit Type**: ZIP symlink directory traversal โ arbitrary file placement
- **Impact**: Remote Code Execution when victim extracts malicious archive **as Administrator**
## PoC Author
**Mohammed Idrees Banyamer**
Jordan | Security Researcher
Instagram: [@banyamer_security](https://instagram.com/banyamer_security)
GitHub: https://github.com/mbanyamer
## Usage
```bash
python3 cve-2025-11001_poc.py \
-t "C:\Windows\System32" \
-p payload/malicious.exe \
-o CVE-2025-11001-exploit.zip