CyberSecurityBoard
Sponsor Register Login

New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code

A newly discovered Zip Slip vulnerability has been identified, posing significant risks to software systems that handle archive files. This security flaw allows attackers to exploit directory traversal issues within zip archives, enabling them to execute arbitrary code on affected systems. The vulnerability arises when applications extract files from zip archives without proper validation of file paths, allowing malicious actors to overwrite critical files or place malicious executables in sensitive locations. This exploit can lead to unauthorized access, data breaches, and system compromise, highlighting the urgent need for developers and organizations to implement robust input validation and patch vulnerable software promptly. The cybersecurity community is urged to raise awareness about this threat and adopt best practices for secure archive handling to mitigate potential attacks. Continuous monitoring and timely updates are essential to protect against exploitation of this Zip Slip vulnerability.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 27 Aug 2025 13:55:13 +0000


Cyber News related to New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code

New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code - A newly discovered Zip Slip vulnerability has been identified, posing significant risks to software systems that handle archive files. This security flaw allows attackers to exploit directory traversal issues within zip archives, enabling them to ...
3 months ago Cybersecuritynews.com CVE-2024-12345
CVE-2022-21675 - Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially ...
3 years ago
CVE-2019-0191 - Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, ...
6 years ago
Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files - Published on July 15, 2025, this path traversal vulnerability poses significant risks to system security, though exploitation requires direct user interaction. When users open maliciously crafted zip archives, the plugin fails to properly validate ...
4 months ago Cybersecuritynews.com CVE-2025-53906
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
2 years ago Cnn.com
CVE-2025-46730 - MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to ...
6 months ago
CVE-2025-3445 - A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or ...
7 months ago
Konfety Android Malware on Google Play Uses ZIP Manipulation to Imitate Legitimate Apps - Zimperium’s zLabs security research team has identified a new and highly sophisticated variant of the Konfety Android malware that employs advanced evasion techniques to bypass security analysis tools and conduct fraudulent advertising ...
4 months ago Cybersecuritynews.com
NoisyBear: Weaponizing ZIP Files for Stealthy Attacks - The article discusses the emerging threat of NoisyBear, a cyberattack technique that weaponizes ZIP files to evade detection and deliver malicious payloads. NoisyBear leverages the widespread use of ZIP archives to infiltrate systems stealthily, ...
3 months ago Cybersecuritynews.com NoisyBear
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
2 years ago Feeds.dzone.com
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
8 months ago Therecord.media
CVE-2025-31672 - Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate ...
7 months ago
CVE-2025-11001 - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this ...
2 weeks ago
CVE-2021-20735 - Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 ...
4 years ago
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
1 year ago Tenable.com
CVE-2020-14416 - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. ...
3 years ago
CVE-2022-41858 - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel ...
2 years ago
GootLoader Is Back With New ZIP File Trickery - GootLoader, a notorious malware loader, has resurfaced with a new tactic involving ZIP file trickery to bypass security measures. This resurgence highlights the evolving threat landscape where cybercriminals continuously adapt their methods to ...
4 weeks ago Cybersecuritynews.com
New Relic CEO sets observability strategy for the AI age - The executive that replaced Gary Steele as CEO at Proofpoint when Steele left for Splunk has now followed Steele's path from cybersecurity to the helm of an observability company. Ashan Willy was appointed CEO at New Relic in December, a month after ...
1 year ago Techtarget.com
Neurosurgeons of New Jersey Confirms Cyber Attack Resulting in Recent Data Breach - On December 4, 2023, Neurosurgical Associates of New Jersey filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering. In this notice, Neurosurgeons of New Jersey explains that an ...
1 year ago Jdsupra.com
CVE-2019-10743 - All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive ...
6 years ago
CVE-2025-4748 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files ...
5 months ago
CVE-2018-1002204 - adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)