Cyber Resilience

CVE-2025-1240

High

Published: 11 February 2025

Modified: 18 August 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.2635 (96.4th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1240 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in WinZip. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked in the top 3.6% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-1240 is an out-of-bounds write vulnerability in WinZip that occurs during parsing of 7Z files. The flaw stems from insufficient validation of user-supplied data, allowing a write past the end of an allocated buffer. It affects WinZip installations and carries a CVSS 3.1 score of 8.8 with the CWE-787 classification.

Remote attackers can exploit the issue to execute arbitrary code in the context of the current process. Exploitation requires user interaction, specifically that the target either visits a malicious page or opens a malicious 7Z file. The vulnerability was originally reported as ZDI-CAN-24986.

The Zero Day Initiative advisory ZDI-25-047 provides details on the issue. The EPSS score reached a peak of 0.3329 after disclosure before settling at the current value of 0.2635, indicating emerging exploitation interest that warrants renewed attention.

Vulnerability details

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Out-of-bounds write in 7Z parser enables RCE when user opens malicious file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27175 · Shared CWE-787
CVE-2025-24444 · Shared CWE-787
CVE-2021-47781 · Shared CWE-787
CVE-2025-24441 · Shared CWE-787
CVE-2025-21138 · Shared CWE-787
CVE-2026-27274 · Shared CWE-787
CVE-2026-21341 · Shared CWE-787
CVE-2026-34618 · Shared CWE-787
CVE-2019-25604 · Shared CWE-787
CVE-2025-23396 · Shared CWE-787

Affected Assets

winzip
winzip
18.0 — 18.0.16371 · 27.0 — 27.0.16370 · 76.0 — 76.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the out-of-bounds write flaw in WinZip's 7Z file parsing by identifying, testing, and installing vendor-provided patches.

prevent

Implements memory safeguards such as non-executable memory regions and address space randomization to block arbitrary code execution from buffer overflow exploits.

prevent

Requires validation of user-supplied data at file parsing input points to prevent writes past allocated buffers in 7Z processing.

References