Related vulnerability
Description
CVE-2025-11001
Introduction
# 🔥 **CVE-2025-11001: Critical 7-Zip RCE Vulnerability** 🔥

⚠️ **Severity**: Critical (Remote Code Execution)
🛠️ **Affected**: 7-Zip < 25.00 (Windows + Linux p7zip)
🧨 **Exploit Type**: Malicious ZIP → Directory Traversal + RCE
🔗 **CWE**: CWE-22 (Path Traversal)
🕵️‍♂️ **Public Exploit**: Yes, already circulating
📅 **Disclosed**: October 7, 2025
### 🎯 How It Works
Attackers craft a booby-trapped .zip file containing `../../evil.exe` or similar paths. When you extract it with a vulnerable 7-Zip → bam! Files are written anywhere on the system → instant code execution. 💥
### 🧨 Usage:
```
python3 CVE-2025-11001.py -t "C:\Users\pac\Desktop" -o demo.zip --data-file calc.exe
```
### 🖥️ Affected Platforms (as of Nov 2025)
| Platform | Status | Emoji Verdict |
|----------------|-------------------------|--------------------|
| Windows 7-Zip | < 25.00 → Vulnerable | ❌ Patch NOW! |
| Debian p7zip | Still unpatched | 😱 Danger zone |
| Ubuntu | Partial fixes | ⚠️ Update ASAP |
| 7-Zip ≥ 25.00 | Fixed | ✅ Safe |
### 🛡️ Immediate Fix
🚀 **Download 7-Zip 25.00+** → https://github.com/ip7z/7zip/releases/tag/25.00
🔍 Scan with Nessus (plugin 270234)
🏖️ Extract unknown ZIPs only in sandbox
Don’t be the next victim — patch today and stay safe out there! 🛡️✨
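
A pre-extraction check for the entry names described under "How It Works", as an added example that is not part of the original README or the PoC script: it lists ZIP entries whose names contain `..` components and, going beyond the page, absolute paths and Unix symlink entries whose targets resolve outside the extraction directory. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import stat
import zipfile

def entry_problems(info, link_target=None):
    """Return reasons why a ZIP entry could write outside the extraction directory."""
    problems = []
    name = info.filename.replace("\\", "/")   # Windows extractors treat "\" as a separator
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        problems.append("absolute path")
    if ".." in name.split("/"):
        problems.append("parent-directory component")
    mode = info.external_attr >> 16           # Unix mode bits, when the creator stored them
    if stat.S_ISLNK(mode):
        target = (link_target or "").replace("\\", "/")
        # Resolve the link target relative to the directory that holds the link
        resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), target))
        if target.startswith("/") or target[1:2] == ":" or resolved == ".." or resolved.startswith("../"):
            problems.append("symlink target leaves the extraction directory")
    return problems

def scan_zip(data):
    """Map each suspicious entry name to its list of problems; an empty dict means clean."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            is_link = stat.S_ISLNK(info.external_attr >> 16)
            target = zf.read(info).decode("utf-8", "replace") if is_link else None
            problems = entry_problems(info, target)
            if problems:
                findings[info.filename] = problems
    return findings

def build_sample():
    """Constructed sample archive: one benign file, one traversal name, one escaping symlink."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("../../evil.exe", "placeholder bytes")
        link = zipfile.ZipInfo("docs/link")
        link.create_system = 3                         # Unix, so mode bits are meaningful
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        zf.writestr(link, "../../outside")
    return buf.getvalue()

if __name__ == "__main__":
    for name, problems in scan_zip(build_sample()).items():
        print(f"{name}: {', '.join(problems)}")
```

Run `scan_zip` on the raw bytes of a downloaded archive before handing it to any extractor; a non-empty result is a reason to quarantine the file rather than extract it.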
File snapshot
[4.0K] /data/pocs/a89fcb97478c8e4c93a32370eca514d3dd041b74
├── [2.3K] CVE-2025-11001.py
└── [1.6K] README.md
1 directory, 2 files