7-Zip <25.01: Symlink Extraction Vulnerability (LFI)
CVE-2025-55188 Published on August 8, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Weakness Type
What is an insecure temporary file Vulnerability?
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2025-55188 has been classified to as an insecure temporary file vulnerability or weakness.
Products Associated with CVE-2025-55188
Want to know whenever a new CVE is published for 7Zip 7 Zip? stack.watch will email you.
Affected Versions
7-Zip:- Before 25.01 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.