
Is your PC currently exposed to the critical 7-Zip exploit found in AMD drivers?

Have you manually patched the hidden WinRAR security flaws actively targeted by hackers?

Critical Security Alert: Patching 7-Zip and WinRAR Vulnerabilities

Immediate action is required from system administrators and individual users regarding two critical vulnerabilities affecting widespread archiving software. Threat actors are actively exploiting older versions of 7-Zip and WinRAR. This risk is compounded by third-party vendors, specifically AMD, distributing outdated and vulnerable binaries within their latest driver packages. This advisory outlines the technical nature of these threats (CVE-2025-11001 and CVE-2025-6218) and prescribes necessary mitigation steps.

The 7-Zip Vulnerability (CVE-2025-11001)

Threat Analysis

Active attacks have been confirmed in the wild targeting a high-severity flaw in 7-Zip versions prior to 25.x. This vulnerability, tracked as CVE-2025-11001, carries a CVSS 3.1 Base Score of 7.0.

The core issue involves a file parsing directory traversal flaw within the ZIP extractor engine. Specifically, the software mishandles symbolic links contained within malicious ZIP files.

  • The Mechanism: When a user extracts a specially crafted ZIP archive, the parsing engine fails to properly sanitize file paths.
  • The Consequence: This allows the process to write data to unintended directories outside the target extraction folder.
  • The Impact: Remote attackers can achieve Remote Code Execution (RCE), running malicious scripts in the context of the service account or user performing the extraction.

The AMD Driver Complication

While the 7-Zip developer released a patch (version 25.x) in July 2025, a significant supply chain risk remains. AMD’s Adrenalin Radeon driver update, version 25.12.1 (released December 10, 2025), continues to bundle vulnerable versions of 7z.dll and 7z.exe (v24.09).

Users installing these official drivers effectively downgrade their security posture by reintroducing vulnerable binaries to the system.

Action Item: AMD users must inspect and manually replace 7-Zip binaries located in:

  1. C:\Program Files\AMD\AMDInstallManager
  2. C:\Program Files\AMD\CIM\Bin64
  3. C:\Program Files\AMD\CNext\CNext

The WinRAR Vulnerability (CVE-2025-6218)

Threat Analysis

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical WinRAR vulnerability to its Known Exploited Vulnerabilities Catalog. Identified as CVE-2025-6218, this flaw affects WinRAR version 7.11 (64-bit) and prior.

Similar to the 7-Zip issue, this is a Directory Traversal Remote Code Execution vulnerability.

  • The Vector: User interaction is required. The victim must open a malicious file or interact with a compromised website.
  • The Mechanism: The vulnerability stems from improper validation of file paths within RAR archives.
  • The Impact: Attackers can execute arbitrary code with the same privileges as the logged-in user.

Current Status

Although the flaw was identified in June 2025, active exploitation by multiple threat groups surged in December 2025, which prompted the urgent CISA listing. Since standard auto-updates may not catch every installation instance, manual verification of the installed WinRAR version is mandatory.

Recommendations and Mitigation

To secure your environment against these active threats, implement the following steps immediately:

  1. Verify Versions: Ensure your standalone 7-Zip installation is version 25.x or higher and WinRAR is updated beyond version 7.11.
  2. Audit Third-Party Directories: Specifically for AMD GPU users, navigate to the installation directories listed above. Manually overwrite the old 7z.dll and 7z.exe files with the patched versions from the official 7-Zip release.
  3. User Education: Advise staff and peers to exercise extreme caution when downloading archives from untrusted sources, as the exploit requires user interaction (opening the file).
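Steps 1 and 2 can be run as a single check. The PowerShell script below is an added example, not code from this advisory or from 7-Zip, WinRAR or AMD; it assumes the default standalone install paths (C:\Program Files\7-Zip and C:\Program Files\WinRAR) and audits the three AMD directories listed above, flagging any binary whose version falls inside the affected ranges the advisory gives.

```powershell
# Added audit script; not part of the advisory or of any vendor's tooling.
# Assumes default install paths. The AMD directories are the three the advisory lists.
function Get-MajorMinorVersion {
    param([string]$Path)
    $info = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    $raw  = if ($info.FileVersion) { $info.FileVersion } else { $info.ProductVersion }
    # Keep only the leading numeric part ("24.09", "7.11.0.0") and reduce it to major.minor,
    # so that "7.11.0.0" and "7.11" compare as equal.
    if ($raw -notmatch '^\s*(\d+)\.(\d+)') { throw "Unparsable version '$raw' in $Path" }
    return [version]"$($Matches[1]).$($Matches[2])"
}

# Thresholds follow the advisory: 7-Zip below 25.x is affected; WinRAR 7.11 and prior is affected.
$checks = @(
    @{ Product = '7-Zip';  Files = @('7z.dll', '7z.exe'); Vulnerable = { param($v) $v -lt [version]'25.0' }
       Dirs = @('C:\Program Files\7-Zip',
                'C:\Program Files\AMD\AMDInstallManager',
                'C:\Program Files\AMD\CIM\Bin64',
                'C:\Program Files\AMD\CNext\CNext') },
    @{ Product = 'WinRAR'; Files = @('WinRAR.exe'); Vulnerable = { param($v) $v -le [version]'7.11' }
       Dirs = @('C:\Program Files\WinRAR') }
)

$findings = foreach ($c in $checks) {
    foreach ($dir in $c.Dirs) {
        foreach ($file in $c.Files) {
            $path = Join-Path $dir $file
            if (-not (Test-Path -LiteralPath $path)) { continue }   # not present here; nothing to patch
            try   { $v = Get-MajorMinorVersion $path }
            catch { Write-Warning $_; continue }
            [pscustomobject]@{
                Product    = $c.Product
                Path       = $path
                Version    = $v.ToString()
                Vulnerable = & $c.Vulnerable $v
            }
        }
    }
}

$findings | Format-Table -AutoSize
$bad = @($findings | Where-Object Vulnerable)
if ($bad.Count -gt 0) {
    Write-Warning "Vulnerable binaries found: $($bad.Count). Replace them with the patched release."
    exit 1
}
```

Run it from an elevated PowerShell prompt; a non-zero exit code makes it usable from a scheduled task or endpoint-management job.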