7-Zip DoS Vulnerability CVE-2025-53816 Exploitable via Crafted RAR5 Files


A severe denial-of-service (DoS) vulnerability has been discovered in 7-Zip, tracked as CVE-2025-53816. This vulnerability allows attackers to craft malicious RAR5 archive files that, when processed, trigger a heap-based buffer overflow causing application or system crashes. The issue has been resolved in version 25.00, released on July 5, 2025.

Severity Level: Moderate

Vulnerability Details

  1. CVE: CVE-2025-53816
  2. CVSS Score: 5.5
  3. Vulnerability Type and Description:
    o CWE-122: Heap-based Buffer Overflow
    o A buffer overflow occurs when a program writes more data to a block of memory (here, a heap buffer) than was allocated for it.
    o In this case, the overflow happens on the heap, which is dynamically allocated memory.
  4. Proof of Exploitability:
    o Executing the command below with a specially crafted file:
    Command: 7zz e -so rar-crash.rar5
    o Triggers an immediate heap buffer overflow.
    o Causes 7-Zip to crash reliably—leading to a Denial-of-Service (DoS).

Technical Details

  • The vulnerability resides in NCompress::NRar5::CDecoder, specifically when processing corrupted RAR5 archive items.
  • When the decoder attempts to repair corrupted data by calling My_ZeroMemory(_window + _winPos, (size_t)rem), it miscalculates the rem value (the amount of memory to zero out).
  • Function involved: My_ZeroMemory(_window + _winPos, (size_t)rem)
    • _window: Memory buffer used for decoding RAR5 data.
    • _winPos: Current position in the buffer.
    • rem: Remaining buffer size that should be zeroed out.
  • Issue: rem is calculated incorrectly, so the zeroing write extends beyond the allocated buffer boundary and corrupts heap memory.
  • The _lzEnd variable influencing this behavior can be manipulated by attacker-controlled archive content, making the crash reliably reproducible.
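
The bug class described above, shown as an added example (not 7-Zip source and not the project's actual fix): a zero-fill that trusts rem beside a form that validates it against the allocation first. The struct, the win_size field and all function names are hypothetical; rem is treated as a value derived from untrusted archive content.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a decoder's sliding window. Names echo the advisory
   (_window, _winPos, rem); win_size is an assumed field. Not 7-Zip source. */
typedef struct {
    unsigned char *window;   /* heap buffer used for decoding */
    size_t         win_size; /* bytes actually allocated for window */
    size_t         win_pos;  /* current write position in window */
} window_model;

#define ZERO_FILL_REJECTED ((size_t)-1)

/* Unchecked pattern of the kind the advisory describes: rem is trusted, so a
   value larger than the space left after win_pos writes past the allocation
   (CWE-122). Shown for contrast only; never called here. */
void zero_fill_unchecked(window_model *w, size_t rem)
{
    memset(w->window + w->win_pos, 0, rem);
}

/* Hardened form: validate position and length against the allocation before
   writing. Returns the number of bytes zeroed, or ZERO_FILL_REJECTED. */
size_t zero_fill_checked(window_model *w, size_t rem)
{
    if (w->window == NULL || w->win_pos > w->win_size)
        return ZERO_FILL_REJECTED;      /* inconsistent decoder state */
    /* Subtract rather than compute win_pos + rem, which could wrap around. */
    if (rem > w->win_size - w->win_pos)
        return ZERO_FILL_REJECTED;      /* treat the archive item as corrupt */
    memset(w->window + w->win_pos, 0, rem);
    return rem;
}

/* Constructed demo: 16-byte window at position 12, so 4 bytes remain. */
size_t demo_fill(size_t rem)
{
    unsigned char buf[16];
    memset(buf, 0xAA, sizeof buf);
    window_model w = { buf, sizeof buf, 12 };
    return zero_fill_checked(&w, rem);
}

int main(void)
{
    /* An oversized rem must be rejected instead of written. */
    return demo_fill(5) == ZERO_FILL_REJECTED ? 0 : 1;
}
```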

Affected & Fixed Versions

  • Vulnerable Version: 7-Zip versions before 25.00
  • Fixed Version: 7-Zip version 25.00 (Released: July 5, 2025)

Recommendations

  1. Immediately upgrade to 7-Zip version 25.00 or newer.
  2. Avoid processing RAR5 files from untrusted or unknown sources and consider implementing additional security measures for archive processing workflows.
  3. Implement sandboxing or isolated environments for archive handling.
  4. Enforce file-type scanning and behavior-based security tools on endpoints.
  5. Monitor system logs for repeated crashes tied to archive extraction activities.

Source:

  • https://gbhackers.com/7-zip-vulnerability-2/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-53816
  • https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/


Ampcus Cyber