CVE-2025-1240
Published: 11 February 2025
Summary
CVE-2025-1240 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in WinZip. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 3.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-1240 is an out-of-bounds write vulnerability in WinZip that occurs during parsing of 7Z files. The flaw stems from insufficient validation of user-supplied data, allowing a write past the end of an allocated buffer. It affects WinZip installations and carries a CVSS 3.1 score of 8.8 with the CWE-787 classification.
Remote attackers can exploit the issue to execute arbitrary code in the context of the current process. Exploitation requires user interaction, specifically that the target either visits a malicious page or opens a malicious 7Z file. The vulnerability was originally reported as ZDI-CAN-24986.
The Zero Day Initiative advisory ZDI-25-047 provides details on the issue. The EPSS score reached a peak of 0.3329 after disclosure before settling at the current value of 0.2635, indicating emerging exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2096
Vulnerability details
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write in 7Z parser enables RCE when user opens malicious file (T1204.002).
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly remediates the out-of-bounds write flaw in WinZip's 7Z file parsing by identifying, testing, and installing vendor-provided patches.
- SI-16 (Memory Protection): implements memory safeguards such as non-executable memory regions and address space randomization to block arbitrary code execution from buffer overflow exploits.
- SI-10 (Information Input Validation): requires validation of user-supplied data at file parsing input points to prevent writes past allocated buffers in 7Z processing.
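The following is an added illustration of the SI-10 style input validation the controls above describe; it is not WinZip's code and does not reproduce the actual 7Z parsing flaw. It parses a hypothetical, constructed record layout (a 4-byte little-endian length followed by payload bytes) and shows the two bounds checks that must sit between an attacker-controlled length field and the write into a fixed-size buffer. The sample inputs at the bottom are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example (not the 7Z
 * format and not WinZip's parser): a 4-byte little-endian length followed
 * by that many payload bytes. */
#define MAX_PAYLOAD 64

typedef struct {
    uint8_t payload[MAX_PAYLOAD];
    size_t  len;
} record_t;

/* Read a little-endian u32 at 'off' without reading past 'buf_len'. */
static int read_u32_le(const uint8_t *buf, size_t buf_len, size_t off,
                       uint32_t *out)
{
    if (off > buf_len || buf_len - off < 4)
        return -1;
    *out = (uint32_t)buf[off]
         | ((uint32_t)buf[off + 1] << 8)
         | ((uint32_t)buf[off + 2] << 16)
         | ((uint32_t)buf[off + 3] << 24);
    return 0;
}

/* Parse one record. Returns 0 on success, -1 on malformed input.
 * The two checks before memcpy are the validation that prevents a
 * CWE-787 write: the first bounds the write against the destination,
 * the second bounds the read against the input actually present. */
int parse_record(const uint8_t *buf, size_t buf_len, record_t *rec)
{
    uint32_t declared;

    if (buf == NULL || rec == NULL)
        return -1;
    if (read_u32_le(buf, buf_len, 0, &declared) != 0)
        return -1;                  /* header truncated */
    if (declared > MAX_PAYLOAD)
        return -1;                  /* would write past rec->payload */
    if (declared > buf_len - 4)
        return -1;                  /* would read past the input */

    memcpy(rec->payload, buf + 4, declared);
    rec->len = declared;
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t WELL_FORMED[] = { 0x05, 0x00, 0x00, 0x00, 'h', 'e', 'l', 'l', 'o' };
/* Declares 0x1000 bytes: exceeds MAX_PAYLOAD, must be rejected. */
static const uint8_t OVERSIZED[]   = { 0x00, 0x10, 0x00, 0x00, 'x', 'x', 'x' };
/* Declares 10 bytes but only 3 follow: must be rejected. */
static const uint8_t TRUNCATED[]   = { 0x0A, 0x00, 0x00, 0x00, 'a', 'b', 'c' };

/* Named cases so each outcome can be checked by calling a function. */
int well_formed_status(void)
{
    record_t r;
    return parse_record(WELL_FORMED, sizeof WELL_FORMED, &r);
}

size_t well_formed_len(void)
{
    record_t r;
    if (parse_record(WELL_FORMED, sizeof WELL_FORMED, &r) != 0)
        return 0;
    return r.len;
}

int well_formed_payload_ok(void)
{
    record_t r;
    if (parse_record(WELL_FORMED, sizeof WELL_FORMED, &r) != 0)
        return 0;
    return memcmp(r.payload, "hello", 5) == 0;
}

int oversized_status(void) { record_t r; return parse_record(OVERSIZED, sizeof OVERSIZED, &r); }
int truncated_status(void) { record_t r; return parse_record(TRUNCATED, sizeof TRUNCATED, &r); }

int main(void)
{
    int s = well_formed_status();
    printf("well-formed: %d (len %zu)\n", s, well_formed_len());
    printf("oversized:   %d\n", oversized_status());
    printf("truncated:   %d\n", truncated_status());
    return 0;
}
```

The point of the two separate checks is that a length field can be wrong in two independent ways: larger than the destination buffer (the write overflow) or larger than the remaining input (a read overrun). A parser that validates only one of them is still exploitable by a file that fails the other.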