
Fedora 43: 7zip Critical Directory Traversal RCE CVE-2025-11001

November 27, 2025
Critical update for 7zip in Fedora 43 that addresses CVE-2025-11001 and stops passwords from being echoed when dealing with encrypted archives.

Summary

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are:

* High compression ratio in 7z format with LZMA and LZMA2 compression
* Supported formats:
  * Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM
  * Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR and Z.
* For ZIP and GZIP formats, 7-Zip provides a compression ratio that is 2-10 % better than the ratio provided by PKZip and WinZip
* Strong AES-256 encryption in 7z and ZIP formats
* Powerful command line version

Update Information:

Various CVE fixes, most importantly CVE-2025-11001. This also backports the Debian patch (PR unfortunately stalled upstream, with no communication from upstream developers) to not echo passwords when dealing with encrypted archives.

Change Log

* Wed Nov 26 2025 Michel Lind - 25.01-1
- Update to 25.01
- 25.00+ fixes CVE-2025-11001; Resolves: rhbz#2416011
- Backport Debian patch to disable echo-ing password; Resolves: rhbz#2412315

References


[ 1 ] Bug #2376517 - 7zip-25.01 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2376517
[ 2 ] Bug #2381822 - CVE-2025-53817 7zip: 7-Zip Null pointer array write [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2381822
[ 3 ] Bug #2381825 - CVE-2025-53816 7zip: 7-Zip heap buffer overflow [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2381825
[ 4 ] Bug #2387643 - CVE-2025-55188 7zip: 7-Zip Symbolic Link Extraction Vulnerability [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2387643
[ 5 ] Bug #2412315 - 7z echoes a supplied password
      https://bugzilla.redhat.com/show_bug.cgi?id=2412315
[ 6 ] Bug #2416899 - CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2416899
[ 7 ] Bug #2416900 - CVE-2025-11001 7zip: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability [fed...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b6422d64f9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
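
To confirm the update actually landed across a set of machines, the following added example (not part of the Fedora advisory) reads one `host version-release` line per machine and lists hosts whose 7zip is older than 25.00, the first version the change log says fixes CVE-2025-11001. The host names and the older package versions in the sample are constructed, and using `sort -V` in place of rpm's own version comparison is an assumption that holds for plain numeric versions like these.

```shell
#!/bin/sh
# Added example: flag hosts whose 7zip package predates the CVE-2025-11001 fix.
# Collect the input on each host with:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' 7zip
# and prefix every line with the host name.

FIXED_VERSION="25.00"   # from the change log: "25.00+ fixes CVE-2025-11001"

# version_ge A B: succeeds when A >= B under sort -V ordering.
# Assumption: sort -V matches rpm's ordering for simple dotted numeric versions.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_inventory: reads "host version-release" lines on stdin and prints the
# lines for hosts still below FIXED_VERSION. Hosts where rpm reported that the
# package is not installed are skipped.
audit_inventory() {
    while read -r host vr; do
        [ -n "$host" ] || continue
        case "$vr" in
            ""|*"not installed"*) continue ;;
        esac
        version=${vr%%-*}            # strip the release: 25.01-1.fc43 -> 25.01
        version_ge "$version" "$FIXED_VERSION" || printf '%s %s\n' "$host" "$vr"
    done
}

# Constructed sample inventory (host names and old versions are made up).
SAMPLE_INVENTORY='build01 24.09-3.fc43
web02 25.01-1.fc43
dev03 package 7zip is not installed
ci04 25.00-1.fc43
old05 23.01-5.fc43'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Hosts printed by `audit_inventory` still need the `dnf upgrade --advisory FEDORA-2025-b6422d64f9` step above.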

Severity: critical

Name: 7zip
Product: Fedora 43
Version: 25.01
Release: 1.fc43
Summary: A file archiver
