[內容說明]
7-Zip壓縮軟體近期遭揭露存在兩個高風險等級漏洞CVE-2025-11001及CVE-2025-11002,因程式撰寫不當導致在解壓縮惡意的ZIP檔案時,可能觸發相關漏洞而執行任意程式碼(RCE),進而造成系統的危害,該漏洞影響25.00(不含)之前的版本,建議使用者安裝至最新版本。
[影響平台]
7-Zip 25.00 之前版本
[建議措施]
建議使用者儘快至官方網站更新至最新版本:https://www.7-zip.org/
[參考資料]
1. CVE-2025-11001: https://nvd.nist.gov/vuln/detail/CVE-2025-11001
2. https://cybersecuritynews.com/7-zip-vulnerabilities/
3. https://www.ithome.com.tw/news/172366/
[Content Description]
The 7-Zip compression software has recently been found to contain two high-risk vulnerabilities, CVE-2025-11001 and CVE-2025-11002. Improper programming could trigger these vulnerabilities when decompressing malicious ZIP files, potentially leading to arbitrary code execution (RCE) and system compromise. This vulnerability affects versions prior to 25.00; users are advised to install the latest version.
[Affected Platforms]
7-Zip versions prior to 25.00
[Recommended Actions]
Users are advised to update to the latest version from the official website as soon as possible: https://www.7-zip.org/
[References]
1. CVE-2025-11001: https://nvd.nist.gov/vuln/detail/CVE-2025-11001
2. https://cybersecuritynews.com/7-zip-vulnerabilities/
3. https://www.ithome.com.tw/news/172366/
【資安漏洞預警】7-Zip 存在遠端程式碼執行漏洞(CVE-2025-11001及CVE-2025-11002),請儘速確認並進行修補
[Security Vulnerability Alert] 7-Zip contains remote code execution vulnerabilities (CVE-2025-11001 and CVE-2025-11002). Please confirm and patch them as soon as possible.
公告類別:行政公告
發佈日期:2025/12/01 至 2026/06/01
點閱數:145
返回列表
