7-Zip Flaw Lets Malicious RAR5 Files Crash Systems
A newly discovered 7-Zip flaw lets malicious RAR5 archive files crash systems by exploiting a memory corruption vulnerability in the file archiver’s RAR5 decoder. Tracked as CVE-2025-53816, the bug affects all 7-Zip versions before 25.00 and allows attackers to trigger denial-of-service conditions without executing arbitrary code.
Security researchers found the flaw in the CDecoder component of 7-Zip, where heap-based buffer overflows occur during recovery from corrupted archive data. The error stems from incorrect memory zeroing when calculating a value used to overwrite damaged sections. Because archive item sizes can be attacker-controlled, specially crafted files can write thousands of bytes beyond the allocated buffer.
This 7-Zip flaw lets malicious actors crash file-processing tools widely used across personal and enterprise environments. Although the CVSS score is moderate at 5.5, the risk to workflows and automated systems remains significant.
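For automated pipelines, one mitigation is a pre-extraction gate that holds back RAR5 archives whenever the local 7-Zip build is older than 25.00. The sketch below is an added example, not code from the original report or the 7-Zip project; the function names, the 1 MiB scan limit and the sample banner lines are assumptions made for illustration, while the signature bytes are the RAR5 format's standard marker.

```python
import re

# RAR 5.0 signature; RAR 4.x archives end the marker with 0x00 instead of 0x01 0x00.
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"
FIXED_VERSION = (25, 0)   # versions before 25.00 are affected (CVE-2025-53816)
SFX_SCAN_LIMIT = 1 << 20  # assumption: search the first 1 MiB to catch self-extracting stubs

# Matches banners such as "7-Zip 24.09 (x64)", "7-Zip [64] 16.02", "7-Zip (a) 23.01".
_BANNER_RE = re.compile(r"7-Zip(?:\s+\([a-z]\)|\s+\[\d+\])?\s+(\d+)\.(\d+)")


def parse_7zip_version(banner):
    """Return (major, minor) from a 7-Zip banner line, or None if unrecognised."""
    m = _BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_rar5(data):
    """True if the RAR5 marker appears at offset 0 or behind an SFX stub."""
    return data[:SFX_SCAN_LIMIT + len(RAR5_MAGIC)].find(RAR5_MAGIC) != -1


def gate(banner, data):
    """Return 'extract' or 'quarantine' for one incoming file.

    A RAR5 archive is quarantined when the 7-Zip build is older than 25.00
    or when its version cannot be determined (fail closed).
    """
    if not is_rar5(data):
        return "extract"
    version = parse_7zip_version(banner)
    if version is None or version < FIXED_VERSION:
        return "quarantine"
    return "extract"


if __name__ == "__main__":
    # Constructed sample inputs: banner lines and minimal file headers.
    old = "7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov"
    new = "7-Zip 25.00 (x64) : Copyright (c) 1999-2025 Igor Pavlov"
    rar5 = RAR5_MAGIC + b"\x00" * 16
    rar4 = b"Rar!\x1a\x07\x00" + b"\x00" * 16
    for banner, blob in [(old, rar5), (new, rar5), (old, rar4)]:
        print(parse_7zip_version(banner), is_rar5(blob), gate(banner, blob))
```

7-Zip identifies archive types by content rather than by file extension, which is why the gate inspects the bytes instead of the name.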
Read the full report at: https://cybersecuritynews.com/7-zip-vulnerability-crash-system/
