Summary
A vulnerability, now fixed, has been identified in 7-Zip, the popular open source file compression and archiving software. A remote attacker could exploit it to execute arbitrary code on affected devices.
Risk
Estimate of the impact of the vulnerability on the reference community: Medium (62.82)
Type
- Arbitrary Code Execution
Affected products and/or versions
- 7-Zip, versions prior to 24.09
Mitigation actions
In line with the vendor's statements, it is recommended to update the vulnerable products by following the guidance in the security bulletin listed in the References section.
References
https://www.zerodayinitiative.com/advisories/ZDI-25-045/
https://7-zip.org/download.html
1 This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and how widespread the affected software/devices are in the reference community.