CVE-2025-55188
Description
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Related News
Posted by Jens-Wolfhard Schicke-Uffmann on Aug 13: Never forget terminal escape codes. At least the 7-Zip my Debian has dumps the raw filename in those error messages. This allows an attacker to clean the specific error lines after they have been output (with a…
Posted by lunbun on Aug 11: I disagree that users are only at risk in the "most targeted scenarios." I do agree that these error messages, in most cases, prevent a total brute force. However, I believe that an attacker may reasonably guess that a user will extr…
Posted by Vincent Lefevre on Aug 11: There are other issues with /tmp. If I understand correctly, the attacker could create /tmp/config.guess and /tmp/install-sh executable files. Then if the user compiles a libtool-based library under a subdirectory of /tmp, o…
Posted by Jacob Bachmeyer on Aug 11: This at least prevents this from being a "silent" attack in all but the most targeted scenarios---and in those cases, the attacker probably already has another way in. If the link cannot be overwritten (another entry in t…
Posted by lunbun on Aug 11: If a symlink targets a nonexistent directory, the write will fail. 7-Zip by default will print an error message, like:
```
ERROR: Cannot open output file : errno=2 : No such file or directory : ./malicious_link/file.txt
```
This app…
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
Data provided by ENISA EU Vulnerability Database. Last updated: August 18, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Advisory provided by GitHub Security Advisory Database. Published: August 8, 2025, Modified: August 18, 2025