7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability

This repository contains a proof-of-concept exploit for CVE-2025-11001, a critical path traversal and remote code execution vulnerability in 7-Zip (prior to version 25.00) and p7zip. The main file, CVE-2025-11001.py, is a Python script that generates a malicious ZIP archive. The script takes user input for the output ZIP file, the symlink target (typically a sensitive file path on the victim's system), and a local file to embed (such as an executable or script). The crafted ZIP contains a directory, a symlink pointing to the attacker-specified path, and the embedded file placed under the symlink. When a vulnerable version of 7-Zip or p7zip extracts this ZIP, the symlink can cause the embedded file to be written to an arbitrary location, potentially leading to code execution. The README provides detailed usage instructions, affected platforms, and mitigation advice. No network endpoints are involved; the attack vector is local, requiring the victim to extract the malicious ZIP file.

This repository provides a Python proof-of-concept exploit for CVE-2025-11001, a vulnerability in 7-Zip (Windows, builds < 25.0) that allows arbitrary file write via symlink path traversal when extracting crafted ZIP archives. The exploit consists of a single main script (exploit/src/main.py) that reads configuration from a TOML file (exploit/resource/config.toml), specifying the output archive, source directory, target directory (to overwrite), and the payload file. The script creates a ZIP archive containing a symlink and a payload file such that, when extracted with a vulnerable 7-Zip version, the payload overwrites the specified target file (e.g., calc.exe in System32). The repository is structured with a clear separation of code, configuration, and documentation, and is intended for research and demonstration purposes only. No network endpoints are involved; the attack vector is local, requiring the victim to extract the malicious archive.

This repository contains a proof-of-concept exploit for CVE-2025-11001, a critical directory traversal and remote code execution vulnerability in 7-Zip (< 25.00) and unpatched p7zip on Linux. The main file, CVE-2025-11001.py, is a Python script that generates a malicious ZIP archive. The script allows the user to specify a symlink target (e.g., a sensitive or executable path on the victim's system) and an arbitrary file to embed. The resulting ZIP contains a directory, a symlink entry pointing to the attacker-specified path, and the embedded file placed under the symlink. When a vulnerable version of 7-Zip extracts this ZIP, the symlink can cause the embedded file to be written to an arbitrary location, potentially leading to code execution. The README.md provides detailed usage instructions, affected platforms, and mitigation advice. No network endpoints are involved; the attack is local and relies on user interaction with the crafted ZIP file.

This repository contains a proof-of-concept exploit for CVE-2025-11001, a critical directory traversal and remote code execution vulnerability in 7-Zip (< 25.00) and unpatched p7zip on Linux. The main file, CVE-2025-11001.py, is a Python script that generates a malicious ZIP archive. The script allows the user to specify a symlink target (e.g., a sensitive or executable path on the victim's system) and an arbitrary file to embed. The resulting ZIP contains a directory, a symlink entry pointing to the attacker-specified path, and the embedded file placed under the symlink. When a vulnerable version of 7-Zip extracts this ZIP, the symlink can cause the embedded file to be written to an arbitrary location, potentially leading to code execution. The README.md provides detailed usage instructions, affected platforms, and mitigation advice. No network endpoints are involved; the attack is local and relies on user interaction with the crafted ZIP file.

This repository contains a proof-of-concept exploit for CVE-2025-11001, a vulnerability in 7-Zip (versions 21.02 - 25.00) on Windows. The exploit consists of a single Python script (exploit.py) and a README.md with usage instructions. The script crafts a ZIP archive containing a directory, a symlink (pointing to a user-specified path), and an embedded payload file (such as an executable). When this ZIP is extracted by a vulnerable 7-Zip process running with Administrator privileges, the symlink can be abused to write the payload file to an arbitrary location, potentially leading to privilege escalation or arbitrary file write. The exploit is only effective on Windows and requires 7-Zip to be run as Administrator, which is typically the case for service accounts. No network endpoints are involved; the attack vector is local file system manipulation via ZIP extraction. The repository is well-structured, with clear usage instructions and a single exploit script.

This repository contains a proof-of-concept exploit for CVE-2025-11001, a high-severity directory traversal vulnerability in 7-Zip versions prior to 25.00 on Windows. The exploit is implemented in a single Python script (cve-2025-11001.py) that constructs a malicious ZIP archive containing a crafted symlink entry. When this archive is extracted by a vulnerable version of 7-Zip running with Administrator privileges, it writes an attacker-supplied payload (such as a malicious executable) to an arbitrary directory (e.g., C:\Windows\System32) on the victim's system. This can result in remote code execution if the payload is subsequently executed. The repository also includes a README.md with detailed usage instructions and vulnerability context, and a LICENSE file. The exploit requires the attacker to supply a payload file and specify the target directory for the file drop. No network endpoints are involved; the attack vector is local, relying on user interaction (archive extraction).

This repository contains a proof-of-concept exploit for CVE-2025-11001, a vulnerability in 7-Zip (versions 21.02 - 25.00) on Windows. The exploit consists of a single Python script (exploit.py) and a README.md with usage instructions. The script crafts a ZIP archive containing a directory, a symlink (pointing to a user-specified path), and an embedded payload file (such as an executable). When this ZIP is extracted by a vulnerable 7-Zip process running with Administrator privileges, the symlink can be abused to write the payload file to an arbitrary location, potentially leading to privilege escalation or arbitrary file write. The exploit is only effective on Windows and requires 7-Zip to be run as Administrator, which is typically the case for service accounts. No network endpoints are involved; the attack vector is local file system manipulation via ZIP extraction. The repository is well-structured, with clear usage instructions and a single exploit script.

This repository contains a proof-of-concept exploit for CVE-2025-11001, a vulnerability in 7-Zip on Windows. The exploit consists of a single Python script (exploit.py) and a README.md file. The script generates a specially crafted ZIP archive containing a directory, a symlink, and an attacker-supplied file (such as an executable). When this ZIP is extracted by 7-Zip running with Administrator privileges, the symlink can be abused to place the embedded file at an arbitrary location on the system, potentially leading to privilege escalation or code execution. The exploit is only effective on Windows and requires 7-Zip to be run as an administrator, which is typically the case for service accounts. The repository is structured simply, with the Python script as the main entry point and the README providing usage instructions and caveats.