【資安漏洞預警】7-Zip 存在遠端程式碼執行漏洞(CVE-2025-11001及CVE-2025-11002)，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】7-Zip 存在遠端程式碼執行漏洞(CVE-2025-11001及CVE-2025-11002)，請儘速確認並進行修補 [Security Vulnerability Alert] 7-Zip contains remote code execution vulnerabilities (CVE-2025-11001 and CVE-2025-11002). Please confirm and patch them as soon as possible.
公告內容	[內容說明] 7-Zip壓縮軟體近期遭揭露存在兩個高風險等級漏洞CVE-2025-11001及CVE-2025-11002，因程式撰寫不當導致在解壓縮惡意的ZIP檔案時，可能觸發相關漏洞而執行任意程式碼(RCE)，進而造成系統的危害，該漏洞影響25.00（不含）之前的版本，建議使用者安裝至最新版本。 [影響平台] 7-Zip 25.00 之前版本 [建議措施] 建議使用者儘快至官方網站更新至最新版本:https://www.7-zip.org/ [參考資料] 1. CVE-2025-11001： https://nvd.nist.gov/vuln/detail/CVE-2025-11001 2. https://cybersecuritynews.com/7-zip-vulnerabilities/ 3. https://www.ithome.com.tw/news/172366/ [Content Description] The 7-Zip compression software has recently been found to contain two high-risk vulnerabilities, CVE-2025-11001 and CVE-2025-11002. Improper programming could trigger these vulnerabilities when decompressing malicious ZIP files, potentially leading to arbitrary code execution (RCE) and system compromise. This vulnerability affects versions prior to 25.00; users are advised to install the latest version. [Affected Platforms] 7-Zip versions prior to 25.00 [Recommended Actions] Users are advised to update to the latest version from the official website as soon as possible: https://www.7-zip.org/ [References] 1. CVE-2025-11001: https://nvd.nist.gov/vuln/detail/CVE-2025-11001 2. https://cybersecuritynews.com/7-zip-vulnerabilities/ 3. https://www.ithome.com.tw/news/172366/
相關訊息
公告時間	2025/12/1 至 2026/6/1	點閱次數	133