CVE-2025-53817

7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/	Exploit Third Party Advisory
https://www.openwall.com/lists/oss-security/2025/07/18/2	Exploit Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*

History

21 Aug 2025, 19:34

Type	Values Removed	Values Added
First Time		7-zip 7-zip 7-zip
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/ -~~	() https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/ - Exploit, Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2025/07/18/2 -~~	() https://www.openwall.com/lists/oss-security/2025/07/18/2 - Exploit, Mailing List
CPE		cpe:2.3:a:7-zip:7-zip::::::::

18 Jul 2025, 19:15

Type	Values Removed	Values Added
Summary		(es) 7-Zip es un archivador de archivos con una alta tasa de compresión. Permite la extracción de documentos compuestos. Antes de la versión 25.0.0, una desreferencia de puntero nulo en el controlador compuesto podía provocar una denegación de servicio. La versión 25.0.0 corrige este problema.
References		() https://www.openwall.com/lists/oss-security/2025/07/18/2 -

17 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 19:15

Updated : 2025-08-21 19:34

NVD link : CVE-2025-53817

Mitre link : CVE-2025-53817

CVE.ORG link : CVE-2025-53817

JSON object : View

Products Affected

7-zip

7-zip

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-53817", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-17T19:15:25.327", "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.openwall.com/lists/oss-security/2025/07/18/2", "tags": ["Exploit", "Mailing List"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the issue."}, {"lang": "es", "value": "7-Zip es un archivador de archivos con una alta tasa de compresi\u00f3n. Permite la extracci\u00f3n de documentos compuestos. Antes de la versi\u00f3n 25.0.0, una desreferencia de puntero nulo en el controlador compuesto pod\u00eda provocar una denegaci\u00f3n de servicio. La versi\u00f3n 25.0.0 corrige este problema."}], "lastModified": "2025-08-21T19:34:06.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309F5F49-CD93-4F51-B45D-F8E29B5C14E3", "versionEndExcluding": "25.00"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}