New 7-Zip high-severity vulnerabilities expose systems to remote attackers — users should update to version 25 ASAP

Source

Tom's Hardware

TL;DR

AI Generated

Trend Micro's Zero Day Initiative disclosed two critical vulnerabilities in 7-Zip that allow remote attackers to execute code via malicious ZIP archives. The flaws, CVE-2025-11001 and CVE-2025-11002, stem from how 7-Zip handles symbolic links in ZIP files and enable attackers to write files to system locations. Users are urged to update to version 25.01 or newer, released in July, which patches these vulnerabilities. Because 7-Zip has no automatic updates, users may remain vulnerable without realizing it. Until they have updated, users should avoid extracting archives from unverified sources.