7-Zip has released security updates to address a critical vulnerability (CVE-2025-0411) in their software.

Affected Systems

• 7-Zip, versions prior to 24.09

Security Risks

If successfully exploited, the identified vulnerabilities in the 7-Zip archiving software could enable an attacker to take control of an affected system and carry out malicious activities.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

• Follow and implement the security updates shared by the vendor and take immediate action to mitigate the risk.

• Since the product does not have an automatic update feature, you will need to download the version suitable for your system from the 7-Zip downloads page.

• Before updating or patching, please ensure that you have the latest backup that can be easily restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• 7-Zip downloads page.

• https://www.zerodayinitiative.com/advisories/ZDI-25-045/