CVE-2025-53817

7.5 HIGH

📋 TL;DR

A NULL pointer dereference in 7-Zip's Compound Document handler (the parser for OLE2/CFB files such as .msi installers and legacy Office documents) lets a specially crafted file crash 7-Zip, a denial of service. Every 7-Zip release before 25.0.0 (7-Zip numbers the fixed release 25.00) is affected; the bug is reached only when a user, or an unattended job, opens or extracts the malicious file with a vulnerable build.

💻 Affected Systems

Products:
  • 7-Zip
Versions: All versions prior to 25.0.0 (7-Zip's own numbering: everything before 25.00)
Operating Systems: Windows, Linux, macOS (every platform where 7-Zip or a build derived from its source runs)
Default Config Vulnerable: ⚠️ Yes
Notes: The Compound Document handler is compiled in and enabled by default; there is no runtime setting that turns a format handler off. Only reading archives is affected; creating archives is not. Third-party builds derived from 7-Zip's source (for example distribution packages of p7zip, which forked from 7-Zip 16.02) contain the same handler and should be treated as affected until the distributor ships its own fix.

📦 What is this software?

7-Zip is a free, open-source file archiver by Igor Pavlov, distributed for Windows as a GUI (7zFM.exe, 7zG.exe), a console tool (7z.exe) and an Explorer shell extension, and for Linux and macOS as the console builds 7zz/7za/7zr. Besides its native 7z format it reads dozens of other container formats, chosen by file signature as well as extension; one of them is the Microsoft Compound Document (OLE2/CFB) format used by .msi packages and legacy .doc/.xls/.ppt files, which is handled by the Compound Document handler that contains this bug. 7-Zip is also embedded in many automated pipelines (mail gateways, malware sandboxes, build and deployment jobs) that unpack untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The 7-Zip process crashes; a NULL pointer dereference yields a crash, not code execution. In automated pipelines such as mail gateways, malware sandboxes or CI jobs that unpack untrusted archives, a single crafted file can repeatedly kill the worker and stall the queue until it is removed.

🟠 Likely Case

Application crash when a malicious archive is opened or extracted, requiring the user to restart 7-Zip (or the calling application to restart its worker).

🟢 If Mitigated

No impact once 7-Zip 25.00 or later is installed, or if crafted archives are blocked before they reach a vulnerable build.

🌐 Internet-Facing: MEDIUM - Attackers can host or e-mail crafted archives, but a user (or an unattended extraction job fed with untrusted downloads) still has to open them with a vulnerable 7-Zip.
🏢 Internal Only: LOW - Requires the ability to place crafted archives where they will be processed, or social engineering to get users to open them.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: Not known; the bug is a NULL pointer dereference, so the achievable effect is a crash, not code execution, and there is little to weaponize beyond the denial of service itself.
Unauthenticated Exploit: ⚠️ Yes (no authentication is involved; the trigger is a local file parse, so the attacker only needs the victim to open the file)
Complexity: LOW

A proof-of-concept file is referenced in the GitHub Security Lab advisory that reported the bug. Triggering it requires the victim, or an automated job, to open or extract the crafted archive with a 7-Zip build older than 25.00.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.0.0 (7-Zip 25.00)

Vendor Advisory: https://www.7-zip.org/history.txt

Restart Required: No system reboot. Close running 7-Zip windows before installing; the new version is used from the next launch.

Instructions:

1. Download 7-Zip 25.00 or later from https://www.7-zip.org/download.html (Windows installer, or the 7zz console build for Linux/macOS). If 7-Zip came from a Linux distribution package (7zip or p7zip), update through the distribution and check its advisory, because those packages are built separately.
2. Install the new version over the existing installation, then check for additional copies: portable 7za/7zr binaries and copies bundled inside other applications are separate files that the installer does not touch.
3. Verify the version: run 7z (or 7zz) with no arguments and read the banner on the first line of output, or open Help > About in the 7-Zip File Manager. The banner must show 25.00 or higher.

🔧 Temporary Workarounds

Disable Compound Document extraction (all platforms)

There is no configuration option or command-line switch that disables a single format handler; removing the Compound Document handler would require rebuilding 7-Zip from modified source. For automated pipelines that know which format to expect, the -t switch is the practical substitute: forcing the expected type (for example 7z x -tzip file.zip) makes 7-Zip open the file with that handler only instead of auto-detecting the format, so a Compound Document smuggled in under another extension fails to open instead of reaching the vulnerable handler. This does not help where Compound Documents (.msi and similar) themselves must be processed.

Use alternative archive tools (all platforms)

Temporarily use other archive software, such as WinRAR, PeaZip or the operating system's built-in archive utilities, for untrusted files. Note that PeaZip and some other front-ends bundle 7-Zip's own engine for certain formats; check which component actually parses the file.

🧯 If You Can't Patch

  • Implement application allowlisting to block execution of 7-Zip binaries (7z.exe, 7zG.exe, 7zFM.exe) with a file version below 25.0.0.0
  • Deploy endpoint protection to detect and block malicious archive files before extraction, keeping in mind that 7-Zip selects the handler by content signature as well as extension, so a crafted Compound Document can arrive under any file extension
  • In unattended extraction jobs, force the expected archive type with -t (for example -tzip) so that files of any other format are rejected instead of auto-detected

🔍 How to Verify

Check if Vulnerable:

Print the banner: run 7zz (official Linux/macOS build) or 7z (p7zip and most distribution packages) with no arguments, or run "C:\Program Files\7-Zip\7z.exe" from a Windows command prompt. The first non-empty line of output is "7-Zip <version> ...". In the 7-Zip File Manager (7zFM.exe) use Help > About.

Check Version:

7zz 2>&1 | head -n 3 or 7z 2>&1 | head -n 3 (Linux/macOS). The banner does not contain the word "Version", so grepping for "Version" finds nothing; grep for "7-Zip" instead.
"C:\Program Files\7-Zip\7z.exe" (Windows command prompt), or in PowerShell: (Get-Item "C:\Program Files\7-Zip\7z.exe").VersionInfo.ProductVersion

Verify Fix Applied:

Confirm the banner reports 25.00 or higher (the advisory writes this as 25.0.0). Repeat for every installed copy: the system-wide install, portable 7za/7zr binaries and copies bundled inside other applications are separate files.

📡 Detection & Monitoring

Log Indicators:

  • Windows: Application Error events (Event ID 1000, source "Application Error") whose faulting application is 7z.exe, 7zG.exe or 7zFM.exe, or whose faulting module is 7z.dll, with exception code 0xc0000005 (access violation, which is how a NULL dereference surfaces on Windows); the matching Windows Error Reporting event is ID 1001
  • Linux: kernel "segfault at <address>" messages in dmesg or the journal for 7zz, 7z, 7za or 7zr where the address is in the first page (below 0x1000), the classic NULL-pointer signature
  • macOS: crash reports for 7zz with EXC_BAD_ACCESS at a near-zero address
  • Repeated crashes of an unpacking worker on the same input file in pipeline logs

Network Indicators:

  • Downloads or e-mail attachments carrying the Compound Document signature (bytes D0 CF 11 E0 A1 B1 1A E1) from untrusted sources, regardless of extension, since 7-Zip picks the handler by content signature as well as extension

SIEM Query:

The page's query had the AND/OR precedence wrong and used a field that Windows crash events do not carry; the faulting image is in the event message body. Generic form, to be adapted to the SIEM's field names:

(EventID=1000 OR EventID=1001) AND (Message="*Faulting application name: 7z*.exe*" OR Message="*Faulting module name: 7z.dll*") AND Message="*Exception code: 0xc0000005*"
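The log indicators above as detection logic, added here as an example and not taken from this advisory or from any product: the matcher reads Windows Application Error (Event ID 1000) message bodies and Linux kernel segfault lines, keeps only crashes of 7-Zip images, requires the Windows exception code 0xc0000005 or a Linux fault address in the NULL page, and, where the Windows event carries the file version, flags builds older than 25.00. The sample records are constructed for the example (assumed host names, timestamps, PIDs and addresses), not real telemetry.

```python
"""Flag 7-Zip crashes consistent with a NULL-pointer dereference in Windows and Linux logs."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FIXED = (25, 0)                       # first 7-Zip release with the fix (25.00)
NULL_PAGE_LIMIT = 0x1000              # faults below the first page: classic NULL-deref signature
STATUS_ACCESS_VIOLATION = 0xC0000005  # how a NULL dereference surfaces in Windows Event ID 1000

# Executables that host 7-Zip's archive engine, plus the engine DLL itself (lower-cased).
SEVEN_ZIP_IMAGES = {"7z.exe", "7zg.exe", "7zfm.exe", "7z.dll", "7zz", "7za", "7zr", "7z"}

WIN_APP = re.compile(r"Faulting application name:\s*([^,]+),\s*version:\s*(\d+)\.(\d+)")
WIN_MODULE = re.compile(r"Faulting module name:\s*([^,]+)")
WIN_EXC = re.compile(r"Exception code:\s*0x([0-9a-fA-F]+)")
# Kernel segfault line: "<comm>[<pid>]: segfault at <hex addr> ip ... sp ... error N in ..."
LINUX_SEGV = re.compile(r"(\S+)\[\d+\]: segfault at ([0-9a-fA-F]+) ip ")


@dataclass
class Alert:
    platform: str
    image: str                          # process that crashed
    version: Optional[Tuple[int, int]]  # (major, minor) from the event, when present
    fault_address: Optional[int]        # Linux only
    unpatched: Optional[bool]           # True when the crashing build is older than 25.00


def match_windows(event_text: str) -> Optional[Alert]:
    """Event ID 1000 body -> Alert if a 7-Zip image died with an access violation."""
    app = WIN_APP.search(event_text)
    if not app:
        return None
    name = app.group(1).strip()
    version = (int(app.group(2)), int(app.group(3)))
    images = {name.lower()}
    module = WIN_MODULE.search(event_text)
    if module:
        images.add(module.group(1).strip().lower())
    if not images & SEVEN_ZIP_IMAGES:
        return None
    exc = WIN_EXC.search(event_text)
    if not exc or int(exc.group(1), 16) != STATUS_ACCESS_VIOLATION:
        return None
    return Alert("windows", name, version, None, version < FIXED)


def match_linux(line: str) -> Optional[Alert]:
    """Kernel/journal segfault line -> Alert if a 7-Zip binary faulted on the NULL page."""
    m = LINUX_SEGV.search(line)
    if not m:
        return None
    comm, addr = m.group(1), int(m.group(2), 16)
    if comm.lower() not in SEVEN_ZIP_IMAGES or addr >= NULL_PAGE_LIMIT:
        return None
    return Alert("linux", comm, None, addr, None)


def scan(records: List[str]) -> List[Alert]:
    """Apply both matchers to each record (one Windows event body or one syslog line)."""
    alerts = []
    for record in records:
        alert = match_windows(record) or match_linux(record)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample records for this example (not real telemetry).
SAMPLE_RECORDS = [
    # Windows Event ID 1000: a pre-25.00 File Manager crashing inside the archive engine
    "Faulting application name: 7zFM.exe, version: 24.9.0.0, time stamp: 0x67472a1b\n"
    "Faulting module name: 7z.dll, version: 24.9.0.0, time stamp: 0x67472a10\n"
    "Exception code: 0xc0000005\n"
    "Fault offset: 0x000000000007c1e2\n"
    "Faulting process id: 0x1a2c\n"
    "Faulting application path: C:\\Program Files\\7-Zip\\7zFM.exe\n"
    "Faulting module path: C:\\Program Files\\7-Zip\\7z.dll",
    # Windows Event ID 1000 for an unrelated program: must be ignored
    "Faulting application name: notepad.exe, version: 10.0.19041.1, time stamp: 0x5f3c2a11\n"
    "Faulting module name: ntdll.dll, version: 10.0.19041.1, time stamp: 0x5f3c2a22\n"
    "Exception code: 0xc0000005",
    # Linux journal line: official 7zz build faulting on address 0
    "Nov 29 10:14:02 unpack01 kernel: 7zz[4242]: segfault at 0 ip 00005555556a1f30 "
    "sp 00007ffd0e3c4a10 error 4 in 7zz[555555554000+1b0000]",
    # Linux segfault at a high address in another process: must be ignored
    "Nov 29 10:15:44 unpack01 kernel: firefox[5150]: segfault at 7f3a1c00ff40 ip "
    "00007f3a2b1c9d00 sp 00007ffd3a8c0000 error 6 in libxul.so[7f3a2a000000+5e00000]",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_RECORDS):
        print(alert)
```

A crash matching these rules is not proof of CVE-2025-53817 (any bug in the engine can fault on the NULL page), so the alert should trigger retrieval of the input file for inspection rather than an incident on its own; the `unpatched` flag tells the responder whether the host still needs the update regardless.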

🔗 References

  • 7-Zip change history (vendor advisory): https://www.7-zip.org/history.txt
  • 7-Zip downloads: https://www.7-zip.org/download.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-53817