Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-11001 PoC — 7-Zip 路径遍历漏洞

Source
https://github.com/pacbypass/CVE-2025-11001
Associated Vulnerability
Title:7-Zip 路径遍历漏洞 (CVE-2025-11001)
Description:7-Zip是7-Zip开源的一个压缩软件。 7-Zip存在路径遍历漏洞,该漏洞源于处理ZIP文件中的符号链接不当,可能导致远程代码执行。
Description
Exploit for CVE-2025-11001 or CVE-2025-11002
Readme
# Usage:

```
python3 exploit.py -t "C:\Users\pac\Desktop" -o demo.zip --data-file calc.exe
```

# Exploiting 7-zip

The vulnerability is only exploitable on windows and has one major caveat.The bug can only be exploited when 7-Zip is ran with Admin privileges for this vulnerability to be succesfully exploited. This is because it the 7-zip process creates a symlink, which is a privileged operation on windows. 

Hence the exploitation only makes sense when 7-Zip is used by a service account.

You can find more info about the vulnerability in my blog post [https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html](https://pacbypass.github.io/2025/10/16/diffing-7zip-for-cve-2025-11001.html)

Vulnerable versions: 21.02 - 25.00
File Snapshot

 [4.0K]  /data/pocs/f86ef533bcaee90309643a6ef0568de437679ec6
├── [2.3K]  exploit.py
└── [ 751]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.