7-Zip has two dangerous security flaws: how to secure your Windows PC

Two new vulnerabilities identified in the famous open source program 7-Zip they can put the integrity of Windows at risk. According to what is reported in the program ZDI (Zero Day Initiative) Of Trend Microdefects – cataloged with codes CVE-2025-11001 And CVE-2025-11002 – allow, under certain conditions, the execution of arbitrary code, i.e. the launching of unauthorized commands on the system simply by opening or extracting a specially modified ZIP archive. Both flaws stem from the way 7-Zip handles i symbolic links (also called symlink), which are special files that serve as shortcuts to other directories or resources. A malicious archive can thus “escape” the extraction folder and write files to sensitive system paths, with the possibility of altering and compromising the functioning of Windows, at least potentially. The two faults received a score CVSS (an index that measures the severity of a vulnerability) of 7 out of 10considered high. To resolve this, you need to update the application to the latest version available.

7-Zip updates to close two serious security flaws

The fixes were introduced as early as July 5th last by the developer of 7-Zip, Igor Pavlovwhich released the version 25.00 of the software, but the official disclosure of the problem only arrived on October 7 last, leaving many users unaware of the risk and vulnerable to possible cyber attacks. So long as 7-Zip does not have an automatic update mechanismmillions of installations remain vulnerable today.

If you use a version prior to 25.00, all you have to do is fix it manually download and install the latest release from the official websitethe one bearing the number of version 25.01 (and soon we will explain how to do it). For the record, this build also includes bug fixes and minor issues related to the management of RAR and COM archives, although the main reason for installing it remains to close the two security holes.

It is not the first time that 7-Zip has ended up at the center of similar reports. In early 2025, another vulnerability had emerged, classified as CVE-2025-0411which allowed the system to be circumvented Mark-of-the-Web of Windows, a mechanism that marks files downloaded from the Internet as potentially dangerous. Even in that case the problem was solved with a later version, the 24.09.

How to update 7-Zip to the latest version available

Returning to the two vulnerabilities we focused on in the article, here are the steps to follow update 7-Zip to the latest version available.

1. Close 7-Zip if it is currently running, so as to avoid conflicts during the update.
2. Go to the 7-Zip official download pageavailable at this link.
3. Click on the link Downloads corresponding to the version suitable for your operating system: 64-bit Windows x64 for 64-bit Windows (the most common), 32-bit Windows x86etc.
4. Download the installation file corresponding and, if you want greater security, carry out a quick antivirus scan of the downloaded file.
5. Run the .exe files double-click and confirm administrator permissions when prompted.
6. The setup program will detect the previous version and propose the update while maintaining the existing settings: click on Install > Close.
7. Restart 7-Zip and check the update by opening the menu Help > About 7-Zipmaking sure the current version is now the 25.01.