Skip to content
Auto-CTI
Back to today
NEW HIGH A3

[UPDATE] 7-Zip: Vulnerability Allows Bypassing Security Measures

A BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

A critical vulnerability in 7-Zip enables bypassing security measures, which in production environments could lead to uncontrolled data manipulation.

Description

The identified vulnerability in 7-Zip enables a remote, anonymous attacker to bypass implemented security measures and potentially manipulate data. The archiving tool is used in many organizations for backup, file transfer, and software distribution processes. The vulnerability affects the integrity of archived data and could be exploited in supply-chain scenarios (e.g., manipulated software archives). A patch or update recommendation from the vendor should be reviewed and implemented promptly.

Risk score

20
cvss base
0.00
kev bonus
0.00
epss bonus
0.00
poc bonus
0.00
raw before weight
0.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

ESC