AI description
CVE-2025-1240 is a remote code execution vulnerability in WinZip stemming from improper validation of user-supplied data during the parsing of 7Z files. Exploitation requires user interaction, such as opening a malicious 7Z file or visiting a malicious webpage. The vulnerability allows attackers to execute arbitrary code in the context of the current process. This vulnerability, identified in versions of WinZip prior to 29.0, can be mitigated by upgrading to version 29.0 or later. The flaw is an out-of-bounds write issue, where data written past the allocated buffer can be leveraged for code execution. The vulnerability was reserved and published on 2025-02-11 and was reported by ZDI.
- Description
- WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- zdi-disclosures@trendmicro.com
- CWE-787
- Hype score
- Not currently trending
Nueva vulnerabilidad en WinZip v28 Ejecución de comandos 😅 CVE-2025-1240 - Gravedad 7.8 🚨 https://t.co/SU5XsbZltv
@ContandoBits_
18 Feb 2025
91 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
В WinZip обнаружена уязвимость (CVE-2025-1240), позволяющая удалённо выполнить произвольный код через парсинг файлов 7Z. Подробнее https://t.co/mdC4pejxf4 https://t.co/gtp3nn3jVh
@KZCERT
17 Feb 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Una vulnerabilidad en WinZip abre la puerta a la ejecución remota de código ⚠️ CVE-2025-1240 https://t.co/i9d5wVpBD2
@elhackernet
15 Feb 2025
3194 Impressions
16 Retweets
44 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-1240 impacts WinZip with an RCE #CVE-2025-1240 #WinZip https://t.co/f3LgnO8nyY
@pravin_karthik
15 Feb 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری جدیدی با کد شناسایی CVE-2025-1240 برای Winzip منتشر شده است که باعث RCE می شود. نمره این آسیب پذیری 7.8 بوده و برای پیشگیری و مقابله با این تهدید به نسخه WinZip 29.0 و بالاتر به روز رسانی نمایید. https://t.co/Poz3aKY03t https://t.co/khZJKxvH8I
@AmirHossein_sec
15 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability in WinZip (CVE-2025-1240) could allow remote code execution via malicious 7Z files. Upgrade to version 29.0 to stay safe. ⚠️ #WinZip #Malware #USA link: https://t.co/yohMegk0Nw https://t.co/wnnZ9TMdJs
@TweetThreatNews
14 Feb 2025
21 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🛡️ WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code Read more: https://t.co/nKCnXyjQk7 👉 Inadequate validation of 7Z file data 👉 Vulnerability tracked as CVE-2025-1240 👉 Allows full system compromise 👉 Update to WinZip 29.0 to mitigate risks #cybersecurity
@gbhackers_news
14 Feb 2025
86 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🛡️ WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code Read more: https://t.co/LiIjASYtER 👉 Inadequate validation of 7Z file data 👉 Vulnerability tracked as CVE-2025-1240 👉 Allows full system compromise 👉 Update to WinZip 29.0 to mitigate risks #cybersecurit
@The_Cyber_News
14 Feb 2025
178 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-1240: WinZip Vulnerability Opens Door to Remote Code Execution https://t.co/EGsPkBYkiv
@Dinosn
14 Feb 2025
4848 Impressions
34 Retweets
120 Likes
27 Bookmarks
0 Replies
1 Quote
CVE-2025-1240 WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected install… https://t.co/iHEFbi05rO
@CVEnew
11 Feb 2025
326 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes