CyberSecurityBoard
Sponsor Register Login

New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code

A newly discovered Zip Slip vulnerability has been identified, posing significant risks to software systems that handle archive files. This security flaw allows attackers to exploit directory traversal issues within zip archives, enabling them to execute arbitrary code on affected systems. The vulnerability arises when applications extract files from zip archives without proper validation of file paths, allowing malicious actors to overwrite critical files or place malicious executables in sensitive locations. This exploit can lead to unauthorized access, data breaches, and system compromise, highlighting the urgent need for developers and organizations to implement robust input validation and patch vulnerable software promptly. The cybersecurity community is urged to raise awareness about this threat and adopt best practices for secure archive handling to mitigate potential attacks. Continuous monitoring and timely updates are essential to protect against exploitation of this Zip Slip vulnerability.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 27 Aug 2025 13:55:13 +0000


Cyber News related to New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code

New Zip Slip Vulnerability Allows Attackers to Execute Arbitrary Code - A newly discovered Zip Slip vulnerability has been identified, posing significant risks to software systems that handle archive files. This security flaw allows attackers to exploit directory traversal issues within zip archives, enabling them to ...
6 days ago Cybersecuritynews.com CVE-2024-12345
CVE-2022-21675 - Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially ...
3 years ago
CVE-2019-0191 - Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, ...
6 years ago
Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files - Published on July 15, 2025, this path traversal vulnerability poses significant risks to system security, though exploitation requires direct user interaction. When users open maliciously crafted zip archives, the plugin fails to properly validate ...
1 month ago Cybersecuritynews.com CVE-2025-53906
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com
CVE-2025-46730 - MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to ...
3 months ago
CVE-2025-3445 - A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing path traversal symlinks to create or overwrite files with the user's privileges or ...
4 months ago
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
5 months ago Therecord.media
Konfety Android Malware on Google Play Uses ZIP Manipulation to Imitate Legitimate Apps - Zimperium’s zLabs security research team has identified a new and highly sophisticated variant of the Konfety Android malware that employs advanced evasion techniques to bypass security analysis tools and conduct fraudulent advertising ...
1 month ago Cybersecuritynews.com
CVE-2025-31672 - Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate ...
4 months ago
CVE-2021-20735 - Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 ...
4 years ago
CVE-2024-50033 - In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the ...
10 months ago Tenable.com
CVE-2020-14416 - In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. ...
3 years ago
CVE-2022-41858 - A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel ...
1 year ago
New Relic CEO sets observability strategy for the AI age - The executive that replaced Gary Steele as CEO at Proofpoint when Steele left for Splunk has now followed Steele's path from cybersecurity to the helm of an observability company. Ashan Willy was appointed CEO at New Relic in December, a month after ...
1 year ago Techtarget.com
Neurosurgeons of New Jersey Confirms Cyber Attack Resulting in Recent Data Breach - On December 4, 2023, Neurosurgical Associates of New Jersey filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering. In this notice, Neurosurgeons of New Jersey explains that an ...
1 year ago Jdsupra.com
CVE-2019-10743 - All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive ...
5 years ago
TISAX: new Catalogue ISA v6 available - ISA 6: The latest version of the ISA catalogue, published in October 2023, with many changes and improvements to address the challenges and needs of the industry. Key changes in ISA 6: New and revised controls to strengthen protection, detection, ...
1 year ago Sorinmustaca.com
CVE-2025-4748 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files ...
2 months ago
CVE-2018-1002204 - adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as ...
5 years ago
CVE-2018-1002201 - zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. ...
5 years ago
CVE-2024-24789 - The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation ...
1 year ago
Cybersixgill Announces Identity Intelligence Module for Threat Analysis - PRESS RELEASE. Tel Aviv, Israel - December 6, 2023 - Cybersixgill, the global cyber threat intelligence data provider, announced today new features and capabilities that take security teams' threat detection and mitigation efforts to new levels, ...
1 year ago Darkreading.com Hunters
Cybersixgill introduces new features and capabilities to strengthen threat analysis - Cybersixgill announced new features and capabilities that take security teams' threat detection and mitigation efforts to new levels, helping them identify and mitigate vulnerabilities and detect and stop threats more quickly and effectively. ...
1 year ago Helpnetsecurity.com Hunters

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)