The bug was officially patched in 7-Zip 25.00, released on July 5, 2025.
The vulnerability is in the handler for the RAR5 format, a widely used compression standard. When 7-Zip encounters a corrupted archive, it tries to "repair" it by filling the damaged region with zeros. Because the required buffer size was miscalculated, the zero-fill wrote beyond the allocated memory range, corrupting heap memory and crashing the application.
This class of bug is known as a heap buffer overflow: the software writes data past the end of a heap allocation, leading to undefined behaviour and, typically, crashes.
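The following C program is an added illustration of the bug class just described, not 7-Zip's code: a "repair" routine that zero-fills in fixed-size blocks but allocates only the exact declared length, shown beside a fixed version that validates the declared length and sizes the allocation to what the loop will really write. The entry layout, BLOCK_SIZE, MAX_ENTRY_BYTES and the function names are invented for the demonstration.

```c
/*
 * Added illustration (not 7-Zip's code) of the bug class described above:
 * a heap buffer overflow from sizing a "repair" buffer incorrectly. The
 * entry layout, BLOCK_SIZE and the caps are invented for the demonstration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 16                         /* hypothetical unit the repair loop writes in */
#define MAX_ENTRY_BYTES (64u * 1024u * 1024u) /* hypothetical sanity cap per entry */

/* Untrusted value parsed from the archive: the entry's declared payload length. */
typedef struct { uint32_t payload_len; } entry_header;

/*
 * Vulnerable pattern: the buffer is allocated with the exact declared length,
 * but the repair loop zero-fills whole blocks, so any length that is not a
 * multiple of BLOCK_SIZE writes up to BLOCK_SIZE-1 bytes past the end.
 * Kept here for comparison only; main() does not call it.
 */
unsigned char *repair_vulnerable(const entry_header *h)
{
    unsigned char *buf = malloc(h->payload_len);            /* exact size ... */
    if (!buf) return NULL;
    size_t blocks = ((size_t)h->payload_len + BLOCK_SIZE - 1) / BLOCK_SIZE; /* rounded up */
    for (size_t i = 0; i < blocks; i++)
        memset(buf + i * BLOCK_SIZE, 0, BLOCK_SIZE);        /* ... block-sized writes: overflow */
    return buf;
}

/*
 * Fixed sizing: reject declared lengths that exceed what the file actually
 * contains (avail) or a sane cap, then size the allocation to the rounded-up
 * number of blocks the loop will write. Returns 0 to signal rejection
 * (a zero-length entry needs no repair and is rejected too).
 */
size_t repair_alloc_size(uint32_t declared, size_t avail)
{
    if (declared == 0 || declared > avail || declared > MAX_ENTRY_BYTES) return 0;
    size_t blocks = ((size_t)declared + BLOCK_SIZE - 1) / BLOCK_SIZE;
    return blocks * BLOCK_SIZE;               /* every byte the loop touches lies inside this */
}

unsigned char *repair_fixed(const entry_header *h, size_t avail, size_t *out_len)
{
    size_t alloc = repair_alloc_size(h->payload_len, avail);
    if (alloc == 0) return NULL;
    unsigned char *buf = malloc(alloc);
    if (!buf) return NULL;
    for (size_t i = 0; i < alloc / BLOCK_SIZE; i++)
        memset(buf + i * BLOCK_SIZE, 0, BLOCK_SIZE);        /* same loop, now in bounds */
    *out_len = alloc;
    return buf;
}

int main(void)
{
    /* Constructed input: an entry declaring 20 bytes in a file with 20 bytes left. */
    entry_header h = { 20 };
    size_t n = 0;
    unsigned char *buf = repair_fixed(&h, 20, &n);
    printf("declared=%u allocated=%zu (%s)\n", h.payload_len, n, buf ? "ok" : "rejected");
    free(buf);

    /* Constructed input: a header lying about its size is rejected before any allocation. */
    entry_header lie = { 4000000000u };
    printf("declared=%u -> %s\n", lie.payload_len,
           repair_fixed(&lie, 100, &n) ? "ok" : "rejected");
    return 0;
}
```

The one-line difference that matters is the allocation size: the vulnerable version allocates the declared length while writing in rounded-up blocks, so a 20-byte entry receives 32 bytes of writes into a 20-byte buffer; the fixed version allocates the rounded-up size and also refuses headers whose declared length exceeds the bytes actually present in the file.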
This error does not by itself let an attacker take control of the machine, but it is still dangerous if you unzip a malicious RAR5 file:
- 7-Zip will close abruptly, disrupting your work.
- It can affect automated decompression in large systems, on servers, or in CI/CD tool chains.
- In a corporate or high-security environment, such a crash can be a stepping stone to further exploitation if it is not well controlled.
Security researchers created a sample file called "rar-crash.rar5" to demonstrate the bug and used AddressSanitizer to detect the out-of-bounds writes. The results showed that 7-Zip wrote outside the allocated buffer, triggering a fatal error and terminating the program.
All users of 7-Zip versions from 12.97 up to but not including 25.00 can be affected simply by opening a malicious RAR5 file. The impact is greater if 7-Zip is used on server systems, in CI/CD tools, or for bulk file processing. The risk of remote code execution is low, but a DoS (application crash) is certain, especially if the file is handled in an automated process.
Solutions and recommendations for users
- Update to 7-Zip 25.00 or later immediately to avoid exploitation.
- Businesses may additionally consider:
  - Checking archive files before unpacking, especially if they come from an unknown source.
  - Sandboxing the unpacking process, so that a crash cannot affect the main system.
  - Logging and monitoring automated decompression systems for unusual crashes.
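As an added example of the three operational recommendations above (not part of the article and not a 7-Zip component), the Linux C program below refuses to proceed if the installed 7-Zip version is older than 25.00, runs `7z t` on an untrusted archive in a child process with memory and CPU limits plus a wall-clock timeout, and classifies the child's exit so that a crash (termination by signal) is logged distinctly from an ordinary "bad archive" error. The 25.00 threshold is from the article; the 7-Zip exit codes (0 ok, 1 warning, 2 fatal error, 7 command-line error, 8 not enough memory, 255 user stopped) are from 7-Zip's documentation; the limit values, the operator-supplied version string and the log format are choices made for this example.

```c
/*
 * Added example (not part of the article or of 7-Zip): a Linux wrapper that
 * checks the 7-Zip version, tests an untrusted archive under resource limits
 * in a child process, and classifies the child's exit for logging.
 * Exit codes 0/1/2/7/8/255 are 7-Zip's documented codes; everything else
 * (limits, log format) is chosen for the example.
 */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

typedef enum { OUTCOME_OK, OUTCOME_WARNING, OUTCOME_FATAL, OUTCOME_OTHER_EXIT,
               OUTCOME_CRASH, OUTCOME_TIMEOUT } outcome;

/* Returns 1 if a "MAJOR.MINOR" version string is 25.00 or later (the patched release). */
int version_is_patched(const char *ver)
{
    unsigned major = 0, minor = 0;
    if (sscanf(ver, "%u.%u", &major, &minor) < 1) return 0;  /* unparsable: treat as old */
    return major >= 25;                       /* 25.00 is the first patched version */
}

/* Maps a waitpid() status (Linux encoding) to an outcome. */
outcome classify_status(int status)
{
    if (WIFSIGNALED(status)) {
        int sig = WTERMSIG(status);
        if (sig == SIGALRM || sig == SIGXCPU) return OUTCOME_TIMEOUT;
        return OUTCOME_CRASH;                 /* SIGSEGV, SIGABRT, ...: the symptom to watch for */
    }
    if (!WIFEXITED(status)) return OUTCOME_OTHER_EXIT;
    switch (WEXITSTATUS(status)) {
        case 0:  return OUTCOME_OK;
        case 1:  return OUTCOME_WARNING;
        case 2:  return OUTCOME_FATAL;
        default: return OUTCOME_OTHER_EXIT;   /* 7, 8, 255, or 127 if 7z was not found */
    }
}

static const char *outcome_name(outcome o)
{
    static const char *names[] = { "ok", "warning", "fatal-error", "other-exit", "CRASH", "timeout" };
    return names[o];
}

/* Runs "7z t -- <path>" in a child with an address-space cap, a CPU cap and a wall-clock alarm. */
outcome test_archive_sandboxed(const char *path, unsigned timeout_s, rlim_t mem_bytes)
{
    pid_t pid = fork();
    if (pid < 0) return OUTCOME_OTHER_EXIT;
    if (pid == 0) {
        struct rlimit mem = { mem_bytes, mem_bytes };
        struct rlimit cpu = { timeout_s, timeout_s };
        setrlimit(RLIMIT_AS, &mem);
        setrlimit(RLIMIT_CPU, &cpu);
        alarm(timeout_s);                     /* pending alarm survives execlp() */
        execlp("7z", "7z", "t", "-y", "--", path, (char *)NULL);
        _exit(127);                           /* 7z binary not found */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return OUTCOME_OTHER_EXIT;
    return classify_status(status);
}

/* One line per archive on stderr; a monitoring pipeline can alert on outcome=CRASH. */
static void log_outcome(const char *path, outcome o)
{
    char ts[32];
    time_t now = time(NULL);
    strftime(ts, sizeof ts, "%Y-%m-%dT%H:%M:%SZ", gmtime(&now));
    fprintf(stderr, "%s archive=%s outcome=%s\n", ts, path, outcome_name(o));
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <7z-version> <archive>\n", argv[0]); return 2; }
    if (!version_is_patched(argv[1])) {
        fprintf(stderr, "refusing: 7-Zip %s is older than 25.00\n", argv[1]);
        return 2;
    }
    outcome o = test_archive_sandboxed(argv[2], 30, (rlim_t)512 << 20);  /* 30 s, 512 MiB */
    log_outcome(argv[2], o);
    return o == OUTCOME_OK ? 0 : 1;
}
```

Only an archive that passes the isolated `7z t` run should go on to real extraction, and that extraction should itself run in a container or a dedicated low-privilege account; the rlimit and alarm here keep a malformed input from exhausting the host, while the outcome classification turns "7-Zip died with SIGSEGV" into a distinct log event instead of a silent pipeline failure.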
