CVE-2025-1240

CVSS 3.0 Score 7.8 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 787

Summary

CVE-2025-1240 is a remote code execution vulnerability affecting WinZip's handling of 7Z files. Attackers can exploit this issue by crafting malicious files or web pages, requiring user interaction for successful exploitation. The flaw stems from insufficient validation of user-supplied data, leading to an out-of-bounds write condition. Subsequently, an attacker can execute arbitrary code within the affected system. This vulnerability was identified as ZDI-CAN-24986 prior to its public disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WinZIP

Affected Vendors

WinZIP Computing

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3RUfmE
https://www.cve.org/CVERecord?id=CVE-2025-1240
https://nvd.nist.gov/vuln/detail/CVE-2025-1240

Back to Vulnerability Database