{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T08:03:46.058","vulnerabilities":[{"cve":{"id":"CVE-2025-11002","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-01-23T04:16:00.553","lastModified":"2026-02-26T20:03:49.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26743."},{"lang":"es","value":"Vulnerabilidad de ejecución remota de código por salto de directorio en el análisis de archivos ZIP de 7-Zip. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en instalaciones afectadas de 7-Zip. Se requiere interacción con este producto para explotar esta vulnerabilidad, pero los vectores de ataque pueden variar dependiendo de la implementación.\n\nLa falla específica existe en el manejo de enlaces simbólicos en archivos ZIP. Datos manipulados en un archivo ZIP pueden hacer que el proceso se desplace a directorios no deseados. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de una cuenta de servicio. Fue ZDI-CAN-26743."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:7-zip:7-zip:24.09:*:*:*:*:*:*:*","matchCriteriaId":"B0CE235C-0238-4BFD-A447-9B83469F6598"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-25-950/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory"]}]}}]}