CVE-2025-55188
Published: August 8, 2025
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
LOW
CVSS v3: 3.6
Status
DocFilters Release | Package | State | Justification | Comment |
---|---|---|---|---|
0.0.0.1 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
25.3 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
25.2 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
25.1.1 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
25.1 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
24.4 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
24.4.0 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
24.3 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
24.2.1 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
24.2 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
24.1 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
23.3 | 7-zip (23.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
23.2.1 | 7-zip (17.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
23.2 | 7-zip (17.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
23.1 | 7-zip (17.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
22.4 | 7-zip (17.01) | Not Affected | Protected At Runtime | Document Filters is not affected because the vulnerable code path is never invoked. The product requires callers to provide an explicit, validated extraction path and does not use p7zip to directly create files on the system. These runtime protections prevent exploitation of the symbolic link handling issue. |
Severity score breakdown
Metric | Value |
---|---|
Attack Complexity | LOW |
Attack Vector | LOCAL |
Availability Impact | NONE |
Base Score | 3.6 |
Base Severity | LOW |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Privileges Required | NONE |
Scope | CHANGED |
User Interaction | REQUIRED |
Vector String | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Version | 3.1 |