7-Zip <25.0.0 RAR5 Handler Zero-Byte MemCorrupt & DoS
CVE-2025-53816 Published on July 17, 2025
GHSL-2025-058 - 7-Zip Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder
7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2025-53816
stack.watch emails you whenever new vulnerabilities are published in 7Zip 7 Zip or Oracle. Just hit a watch button to start following.
Affected Versions
ipavlov 7-Zip Version < 25.0.0 is affected by CVE-2025-53816Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.