关联漏洞
描述
CVE-2025-11001 (CVSS 7.0) – 7-Zip < 25.00 Directory Traversal → RCE via crafted ZIP with symlink. Allows arbitrary file write when extracted as Administrator. Fixed in 7-Zip 25.00 (July 2025).
介绍
# CVE-2025-11001 - 7-Zip < 25.00 Directory Traversal to RCE PoC
> **High-severity symlink traversal in 7-Zip** allowing arbitrary file write / RCE
> **Patched in 7-Zip 25.00 (July 2025)** – Public exploit available
> **FOR AUTHORIZED SECURITY TESTING AND RESEARCH ONLY**
  -critical)
## Vulnerability Summary
- **CVE**: [CVE-2025-11001](https://nvd.nist.gov/vuln/detail/CVE-2025-11001)
- **CVSS v3.1**: **7.0 (High)** – `AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`
- **Affected**: All 7-Zip versions **< 25.00** (Windows)
- **Fixed in**: 7-Zip **25.00** and later
- **Discovery**: Ryota Shiga (Flatt Security) via ZDI (ZDI-25-949)
- **Exploit Type**: ZIP symlink directory traversal → arbitrary file placement
- **Impact**: Remote Code Execution when victim extracts malicious archive **as Administrator**
## PoC Author
**Mohammed Idrees Banyamer**
Jordan | Security Researcher
Instagram: [@banyamer_security](https://instagram.com/banyamer_security)
GitHub: https://github.com/mbanyamer
## Usage
```bash
python3 cve-2025-11001_poc.py \
-t "C:\Windows\System32" \
-p payload/malicious.exe \
-o CVE-2025-11001-exploit.zip
文件快照
[4.0K] /data/pocs/88f49d84b6df9674c25c8b9a5fe23801c1165c6d
├── [4.5K] cve-2025-11001.py
├── [ 34K] LICENSE
└── [1.3K] README.md
1 directory, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。