A critical security flaw (CVE-2025-11001, CVSS 7.0) in 7-Zip is being actively exploited in the wild, allowing remote attackers to execute arbitrary code via malicious ZIP files. The vulnerability stems from improper handling of symbolic links, enabling directory traversal attacks. While exploitation requires elevated privileges (e.g., service accounts or Windows Developer Mode), proof-of-concept (PoC) exploits are publicly available, increasing risk. The flaw, patched in 7-Zip 25.00 (July 2025), affects versions since 21.02. Though no specific attack details (actor, method, or scale) have been disclosed, the UK’s NHS England Digital issued an advisory urging immediate updates. Failure to patch could lead to unauthorized system access, data breaches, or lateral movement within networks. The vulnerability’s active exploitation heightens urgency, particularly for organizations relying on 7-Zip for file compression/decompression, as attackers could weaponize it for broader campaigns (e.g., malware delivery, ransomware pre-staging).