Tag Archives: 7zip

October Linux Patch Wednesday

Leave a reply

October Linux Patch Wednesday

October Linux Patch Wednesday. In October, Linux vendors began addressing 801 vulnerabilities, slightly more than in September. Of these, 546 are in the Linux Kernel. One is being exploited in the wild:

🔻 EoP – VMware Tools (CVE-2025-41244). This vulnerability has been exploited since October 2024, and public exploits are available. According to the description, exploitation requires VMware Aria Operations.

Public or suspected exploits exist for 39 more vulnerabilities, including:

🔸 RCE – Redis (CVE-2025-49844 – RediShell, CVE-2025-46817), OpenSSH (CVE-2025-61984), 7-Zip (CVE-2025-11001, CVE-2025-11002)
🔸 EoP – FreeIPA (CVE-2025-7493), Asterisk (CVE-2025-1131)
🔸 SQLi – MapServer (CVE-2025-59431)
🔸 SFB – authlib (CVE-2025-59420)
🔸 MemCor – Binutils (CVE-2025-11082 and 7 more), Open Babel (CVE-2025-10995 and 6 more)

🗒 Full Vulristics report

На русском

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

1 Reply

September In the Trend of VM (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server

September “In the Trend of VM” (#19): vulnerabilities in the WinRAR and 7-Zip archivers, SAP NetWeaver, and TrueConf Server. A traditional monthly roundup – for the first time with NO Microsoft vulnerabilities! 😲🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of eight trending vulnerability IDs in four products:

🔻 Remote Code Execution – WinRAR (CVE-2025-6218, CVE-2025-8088). An exploitable RCE during archive extraction.
🔻 Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999). An exploitable RCE in a component of a popular ERP system.
🔻 Remote Code Execution – 7-Zip (CVE-2025-55188). Mostly a Linux RCE during archive extraction – a public exploit is available.
🔻 Remote Code Execution – TrueConf Server (BDU:2025-10116, BDU:2025-10115, BDU:2025-10114). Critical flaws in Russian videoconferencing system.

На русском

About Remote Code Execution – 7-Zip (CVE-2025-55188) vulnerability

Leave a reply

About Remote Code Execution - 7-Zip (CVE-2025-55188) vulnerability

About Remote Code Execution – 7-Zip (CVE-2025-55188) vulnerability. 7-Zip is a popular open-source archiver. It’s a Windows application, but the project also provides command-line versions for Linux and macOS. The gist of the vulnerability: 7-Zip improperly handles symbolic links and, when extracting a specially crafted archive, can overwrite arbitrary files outside the extraction directory. Sounds like the recent WinRAR vulnerability, right? 😉

🔻 It’s mainly exploited on Linux. Attackers can overwrite SSH keys, startup (autostart) scripts, etc.

🔻 Exploitation is also possible on Windows, but the 7-Zip extraction process must have permission to create symlinks (requires running as Administrator or enabling Developer Mode). 🤔

🩹 The vulnerability was fixed in 7-Zip 25.01, released on August 3.

🛠 The researcher lunbun reported it on Aug 9 and posted a write-up on Aug 28. PoCs have been available on GitHub since Aug 11.

👾 No signs of in-the-wild exploitation so far.

На русском

August Linux Patch Wednesday

Leave a reply

August Linux Patch Wednesday

August Linux Patch Wednesday. I’m late with this LPW since I was improving the generation of LPW bulletin lists and the operation of Vulristics. 🙂 In August, Linux vendors addressed 867 vulnerabilities, nearly twice July’s total, including 455 in the Linux Kernel. One vulnerability is confirmed exploited in the wild (CISA KEV):

🔻 SFB – Chromium (CVE-2025-6558) – an exploited SFB in Chromium for the fourth month in a row. 🙄

Public exploits are available or suspected for 72 (❗️) vulnerabilities. The most important are:

🔸 RCE – WordPress (CVE-2024-31211) – from last year, but recently fixed in Debian; Kubernetes (CVE-2025-53547), NVIDIA Container Toolkit (CVE-2025-23266), Kafka (CVE-2025-27819)
🔸 Command Injection – Kubernetes (CVE-2024-7646)
🔸 Code Injection – PostgreSQL (CVE-2025-8714/8715), Kafka (CVE-2025-27817)
🔸 Arbitrary File Writing – 7-Zip (CVE-2025-55188)

🗒 Full Vulristics report

На русском

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

Leave a reply

June In the Trend of VM (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. 🙂

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

A total of 7 trending vulnerabilities:

🔻 Elevation of Privilege – Microsoft DWM Core Library (CVE-2025-30400)
🔻 Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706)
🔻 Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475)
🔻 Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)
🔻 Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443)
🔻 Remote Code Execution – 7-Zip (BDU:2025-01793)

На русском

About Remote Code Execution – 7-Zip (BDU:2025-01793) vulnerability

Leave a reply

About Remote Code Execution - 7-Zip (BDU:2025-01793) vulnerability

About Remote Code Execution – 7-Zip (BDU:2025-01793) vulnerability. It’s about the fact that files unpacked using 7-Zip don’t get the Mark-of-the-Web. As a result, Windows security mechanisms don’t block the execution of the unpacked malware. If you remember, there was a similar vulnerability in January – CVE-2025-0411. The problem was with running files from the 7-Zip UI, and a fix has been released. But in this case, the problem is with fully unpacked archives — and the developers aren’t planning to fix it! 🤷‍♂️

Igor Pavlov, the author of the utility, responded to our colleague Konstantin Dymov that not assigning the Mark-of-the-Web by default is intentional behavior. They don’t plan to change the default settings. To have the Mark-of-the-Web applied, you need to set “” to “”.

If 7-Zip is used in your organization, be aware of this insecure default behavior. Apply hardening measures or switch to a different tool.

На русском

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists

Leave a reply

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing. 😉

📹 Video on YouTube and LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:23 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
🔻 01:35 Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468)
🔻 02:38 Remote Code Execution – Windows OLE (CVE-2025-21298)
🔻 03:55 Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
🔻 05:02 Authentication Bypass – FortiOS/FortiProxy (CVE-2024-55591)
🔻 06:16 Remote Code Execution – 7-Zip (CVE-2025-0411)
🔻 07:27 Should a VM specialist be aware of what is happening in the Darknet?
🔻 08:48 About the digest of trending vulnerabilities

На русском