CVE-2025-11002 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-11002 Interim 1 2 2026-03-05T01:27:04Z current 2025-11-01T01:00:14Z 2026-03-05T01:27:04Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-11002 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP6-LTSS SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server Teradata 12 SP3 SUSE Linux Enterprise Server Teradata 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server for SAP applications 16.0 openSUSE Leap 15.6 7zip p7zip p7zip-doc p7zip-full 7zip as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS p7zip as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS p7zip-full as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS 7zip as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS p7zip as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS p7zip-full as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS 7zip as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 p7zip as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 p7zip-full as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 p7zip as a component of SUSE Linux Enterprise Server 12 SP2-LTSS p7zip as a component of SUSE Linux Enterprise Server 12 SP4-LTSS p7zip as a component of SUSE Linux Enterprise Server 12 SP5-LTSS p7zip as a component of SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security p7zip as a component of SUSE Linux Enterprise Server 15 SP1-LTSS p7zip as a component of SUSE Linux Enterprise Server 15 SP2-LTSS p7zip-full as a component of SUSE Linux Enterprise Server 15 SP2-LTSS p7zip as a component of SUSE Linux Enterprise Server 15 SP3-LTSS p7zip-full as a component of SUSE Linux Enterprise Server 15 SP3-LTSS 7zip as a component of SUSE Linux Enterprise Server 15 SP4-LTSS p7zip as a component of SUSE Linux Enterprise Server 15 SP4-LTSS p7zip-full as a component of SUSE Linux Enterprise Server 15 SP4-LTSS 7zip as a component of SUSE Linux Enterprise Server 15 SP5-LTSS p7zip as a component of SUSE Linux Enterprise Server 15 SP5-LTSS p7zip-full as a component of SUSE Linux Enterprise Server 15 SP5-LTSS 7zip as a component of SUSE Linux Enterprise Server 15 SP6-LTSS p7zip as a component of SUSE Linux Enterprise Server 15 SP6-LTSS p7zip-full as a component of SUSE Linux Enterprise Server 15 SP6-LTSS 7zip as a component of SUSE Linux Enterprise Server 16.0 p7zip as a component of SUSE Linux Enterprise Server Teradata 12 SP3 7zip as a component of SUSE Linux Enterprise Server Teradata 15 SP4 p7zip as a component of SUSE Linux Enterprise Server Teradata 15 SP4 7zip as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 p7zip as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 p7zip-full as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 7zip as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 p7zip as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 p7zip-full as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 7zip as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 p7zip as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 p7zip-full as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP6 7zip as a component of SUSE Linux Enterprise Server for SAP applications 16.0 7zip as a component of openSUSE Leap 15.6 p7zip as a component of openSUSE Leap 15.6 p7zip-doc as a component of openSUSE Leap 15.6 p7zip-full as a component of openSUSE Leap 15.6 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743. CVE-2025-11002 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:7zip SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:7zip SUSE Linux Enterprise Module for Basesystem 15 SP7:7zip SUSE Linux Enterprise Server 15 SP4-LTSS:7zip SUSE Linux Enterprise Server 15 SP5-LTSS:7zip SUSE Linux Enterprise Server 15 SP6-LTSS:7zip SUSE Linux Enterprise Server 16.0:7zip SUSE Linux Enterprise Server Teradata 15 SP4:7zip SUSE Linux Enterprise Server for SAP Applications 15 SP4:7zip SUSE Linux Enterprise Server for SAP Applications 15 SP5:7zip SUSE Linux Enterprise Server for SAP Applications 15 SP6:7zip SUSE Linux Enterprise Server for SAP applications 16.0:7zip openSUSE Leap 15.6:7zip important 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H