ZDI-25-949: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
Zero Day Initiative Advisories (published)
2025-10-07 13:00:00
收藏
This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2025-11001.
目录
最新
- ZDI-25-954: (0Day) Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability
- ZDI-25-955: (0Day) Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- ZDI-25-956: (0Day) Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability
- ZDI-25-953: Microsoft Windows TAR File Parsing NTLM Relay Vulnerability
- ZDI-25-952: Ivanti Endpoint Manager UniqueFilename Unrestricted File Upload Remote Code Execution Vulnerability
- ZDI-25-951: Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability
- ZDI-25-948: Jaspersoft Jasper Reports JRLoader Deserialization of Untrusted Data Remote Code Execution Vulnerability
- ZDI-25-949: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability