CVE-2025-55188: 
7-Zip vulnerability analysis and mitigation

CVE-2025-55188 affects 7-Zip versions prior to 25.01, where the application does not properly handle symbolic links during extraction. The vulnerability was discovered in August 2025 and affects all platforms where 7-Zip is deployed, including Linux, Windows, and macOS systems (OSS Security, NVD).

The vulnerability stems from improper handling of symbolic links during archive extraction. The issue has been assigned a CVSS v3.1 base score of 3.6 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N. However, the security researcher who discovered the vulnerability has indicated that this score may be underreported (OSS Security).

When exploited, this vulnerability allows for arbitrary file write capabilities, which could potentially lead to unauthorized code execution. On Linux systems, the vulnerability can be exploited more readily, while on Windows systems, additional conditions such as administrator privileges or Developer Mode are required for exploitation (OSS Security).

The vulnerability has been fixed in 7-Zip version 25.01. The update includes changes to the code for handling symbolic links to provide greater security when extracting files from archives. For users who need to bypass the security checks, a new command line switch -snld20 has been introduced (7-Zip Release).