Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-11001 PoC — 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability

Source
https://github.com/mbanyamer/CVE-2025-11001---7-Zip
Associated Vulnerability
Title:7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability (CVE-2025-11001)
Description:7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.
Description
CVE-2025-11001 (CVSS 7.0) – 7-Zip < 25.00 Directory Traversal → RCE via crafted ZIP with symlink. Allows arbitrary file write when extracted as Administrator. Fixed in 7-Zip 25.00 (July 2025).
Readme
# CVE-2025-11001 - 7-Zip < 25.00 Directory Traversal to RCE PoC

> **High-severity symlink traversal in 7-Zip** allowing arbitrary file write / RCE  
> **Patched in 7-Zip 25.00 (July 2025)** – Public exploit available  
> **FOR AUTHORIZED SECURITY TESTING AND RESEARCH ONLY**

![7-Zip](https://img.shields.io/badge/7--Zip-%3C%2025.00-red) ![CVE](https://img.shields.io/badge/CVE-2025--11001-orange) ![CVSS](https://img.shields.io/badge/CVSS-7.0%20(High)-critical)

## Vulnerability Summary

- **CVE**: [CVE-2025-11001](https://nvd.nist.gov/vuln/detail/CVE-2025-11001)
- **CVSS v3.1**: **7.0 (High)** – `AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`
- **Affected**: All 7-Zip versions **< 25.00** (Windows)
- **Fixed in**: 7-Zip **25.00** and later
- **Discovery**: Ryota Shiga (Flatt Security) via ZDI (ZDI-25-949)
- **Exploit Type**: ZIP symlink directory traversal → arbitrary file placement
- **Impact**: Remote Code Execution when victim extracts malicious archive **as Administrator**

## PoC Author

**Mohammed Idrees Banyamer**  
Jordan | Security Researcher  
Instagram: [@banyamer_security](https://instagram.com/banyamer_security)  
GitHub: https://github.com/mbanyamer

## Usage 

```bash
python3 cve-2025-11001_poc.py \
  -t "C:\Windows\System32" \
  -p payload/malicious.exe \
  -o CVE-2025-11001-exploit.zip
File Snapshot

 [4.0K]  /data/pocs/88f49d84b6df9674c25c8b9a5fe23801c1165c6d
├── [4.5K]  cve-2025-11001.py
├── [ 34K]  LICENSE
└── [1.3K]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →