CVE-2025-63371: n/a
Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
AI Analysis
Technical Summary
CVE-2025-63371 is a directory traversal vulnerability identified in the ZIP file extraction functionality of OneCommander version 3.102.0.0, a Windows-based file management tool developed by Milos Paripovic. The vulnerability arises because the software does not properly sanitize or validate file paths within ZIP archives before extraction. An attacker can craft a malicious ZIP archive containing file paths with directory traversal sequences (e.g., '../') that cause files to be extracted outside the intended directory, potentially overwriting critical system or application files. This can lead to unauthorized file modification, privilege escalation, or arbitrary code execution if the overwritten files are executables or configuration files. No authentication is required; the only user interaction needed is opening or extracting the crafted ZIP file with the vulnerable OneCommander version. Although no public exploits have been reported yet, the flaw is significant because ZIP archives are ubiquitous and exploitation can be automated. No CVSS score has been assigned, and no patches have been published at the time of disclosure. The vulnerability was reserved on October 27, 2025, and published on November 19, 2025.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially for those that use OneCommander for file management or automated ZIP extraction in business processes. Successful exploitation could lead to unauthorized modification or replacement of critical files, potentially resulting in system instability, data corruption, or execution of malicious code. This could compromise the confidentiality, integrity, and availability of affected systems. Organizations handling sensitive data or operating critical infrastructure are at higher risk. The absence of any authentication requirement and the ease of exploitation increase the threat level. Additionally, supply chain processes that rely on ZIP archives could be targeted to propagate malware or ransomware. The absence of known exploits currently provides a window for proactive mitigation, but the vulnerability could be weaponized rapidly once exploit code becomes available.
Mitigation Recommendations
1. Monitor vendor communications closely and apply official patches or updates from Milos Paripovic as soon as they are released.
2. Until patches are available, avoid using OneCommander 3.102.0.0 to extract ZIP files from untrusted or unknown sources.
3. Implement file extraction policies that restrict or sandbox ZIP extraction processes to prevent directory traversal effects, such as extracting archives only to isolated directories with strict access controls.
4. Use alternative, secure ZIP extraction tools that properly validate and sanitize file paths within archives.
5. Employ endpoint protection solutions capable of detecting anomalous file writes or modifications outside expected directories.
6. Educate users about the risks of opening ZIP files from untrusted sources and enforce strict email and file transfer scanning policies.
7. Conduct regular audits of critical systems to detect unauthorized file changes that could indicate exploitation attempts.
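The path validation that recommendation 4 asks for, and that the technical summary describes as missing, looks like the following. This is an added example, not OneCommander's code or the vendor's fix: a Python extractor that resolves every entry name against the destination directory before writing anything, refusing '../' sequences (in either separator style), absolute paths, drive letters and symlink entries. The archives, entry names and temporary destination directory are constructed here purely as test input.

```python
"""Added example (not OneCommander's code): a ZIP extractor that validates
every entry path against the destination directory before writing anything.
The archives below are constructed in memory purely as test input."""
import io
import os
import shutil
import stat
import tempfile
import zipfile
from pathlib import PureWindowsPath


def entry_is_safe(name: str, dest: str) -> bool:
    """True only if entry `name` resolves to a location inside `dest`.

    Covers the cases a naive os.path.join(dest, name) gets wrong: '../'
    sequences, backslash separators from Windows-built archives, absolute
    paths and drive letters (os.path.join discards `dest` entirely when
    the right-hand side is absolute).
    """
    posix_name = name.replace("\\", "/")
    if posix_name.startswith("/") or PureWindowsPath(name).drive:
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, posix_name))
    # commonpath is the correct containment test; a plain startswith()
    # would accept '/out_other/x' as being inside '/out'.
    try:
        return os.path.commonpath([dest_real, target]) == dest_real
    except ValueError:  # paths on different drives (Windows)
        return False


def audit_archive(zip_bytes: bytes, dest: str) -> dict:
    """Map each entry name to a verdict without writing anything to disk.

    Symlink entries are rejected too: a link pointing outside `dest`,
    followed by a file written through it, would bypass a path-only check.
    """
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            is_symlink = stat.S_ISLNK(info.external_attr >> 16)
            verdicts[info.filename] = (not is_symlink) and entry_is_safe(info.filename, dest)
    return verdicts


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract into `dest`; return the names of rejected entries.

    The whole archive is audited before the first write, so one bad entry
    aborts extraction instead of leaving a partially written tree behind.
    """
    rejected = sorted(n for n, ok in audit_archive(zip_bytes, dest).items() if not ok)
    if rejected:
        return rejected
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename.replace("\\", "/")))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
    return []


def build_archive(entries: dict) -> bytes:
    """Build an in-memory ZIP from {entry name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives: one well-formed (a '..' that stays inside the
# destination is legitimate), one carrying the entry shapes that must be refused.
BENIGN = build_archive({"docs/readme.txt": b"hello", "docs/sub/../notes.txt": b"ok"})
ESCAPING = build_archive({
    "docs/readme.txt": b"hello",
    "../../outside.txt": b"escapes via ../",
    "..\\..\\outside.txt": b"escapes via ..\\",
    "C:\\Windows\\outside.txt": b"absolute drive path",
    "/etc/outside.txt": b"absolute posix path",
})


def run_demo() -> dict:
    """Run both archives through the extractor in a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="zip-audit-")
    result = {
        "benign_rejected": safe_extract(BENIGN, dest),
        "benign_readme": open(os.path.join(dest, "docs", "readme.txt"), "rb").read(),
        "escaping_rejected": safe_extract(ESCAPING, dest),
        "escaping_verdicts": audit_archive(ESCAPING, dest),
        "outside_written": os.path.exists(os.path.join(dest, "..", "..", "outside.txt")),
    }
    shutil.rmtree(dest, ignore_errors=True)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Auditing the complete entry list before the first write matters: an extractor that checks entries one at a time as it goes can still leave a half-written tree, and a symlink entry written early can redirect later writes even when every individual name looks clean.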
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Poland, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 691e2f504e81ab18fb499ac3
Added to database: 11/19/2025, 8:57:52 PM
Last enriched: 11/19/2025, 9:13:05 PM
Last updated: 11/19/2025, 10:46:45 PM