NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability
The Hacker News
Summary
The NHS England Digital has issued a warning regarding a security vulnerability in 7-Zip, identified as CVE-2025-11001, which allows for remote code execution through symbolic links. Although no active exploitation has been observed, a public proof-of-concept exploit exists, raising concerns about potential future threats.
Impact
7-Zip software, specifically versions affected by CVE-2025-11001.
In the Wild
No
Timeline
Disclosed on November 20, 2025
Remediation
Users are advised to update to the latest version of 7-Zip to mitigate the risk associated with this vulnerability. Additionally, monitoring for any updates from the vendor regarding patches or security advisories is recommended.