公告單位　　電子計算機中心	公告日期　　2025/11/25
主　　旨　　【資安新聞】英國針對 7-Zip 用戶警告，駭客積極利用符號連結漏洞從事活動（2025-11-20 發佈）**Cybersecurity Alert: UK Warns 7-Zip Users of Active Exploitation of Symbolic Link Vulnerability (Published: November 20, 2025)**The UK government has issued a warning to users of the 7-Zip file archiving software regarding ongoing malicious activities exploiting a symbolic link vulnerability. Cybercriminals are actively leveraging this security flaw to carry out attacks. Users are strongly advised to update their software to the latest version to mitigate potential risks and ensure the security of their data.
內　　容　 一、7-Zip 因處理 ZIP 檔符號連結機制不當，可能造成壓縮檔特定內容在非預期資料夾出現，攻擊者可藉此利用服務帳號執行程式碼。此漏洞影響 24.09 以下版本，官方已於今年7月釋出 25.00 版進行修補。 二、目前最新版本為 7-Zip 25.01（2025-08-03）。如您的電腦版本偏舊，請至官方網站下載並手動更新： 7-Zip 官方網站：https://www.7-zip.org/download.html 三、相關資訊來源： iThome 資訊新聞：https://www.ithome.com.tw/news/172366 電子計算機中心 **Announcement: Security Advisory Regarding 7-Zip Vulnerability** 1. Due to an improper handling of symbolic link mechanisms in ZIP files, 7-Zip may allow specific contents of compressed archives to appear in unintended directories. Attackers could exploit this vulnerability to execute code using service accounts. This issue affects versions prior to 24.09; the vendor has released version 25.00 in July of this year to address the problem. 2. The latest version is currently 7-Zip 25.01 (released August 3, 2025). If your system is running an older version, please visit the official website to download and manually update: - [7-Zip Official Website](https://www.7-zip.org/download.html) 3. For further information, please refer to the following source: - [iThome News Article](https://www.ithome.com.tw/news/172366) --- **Computer Center** Tzu Chi University
附　　件　 : 無附件
相關連結　 :

公告起始　：2025/11/25	公告迄止　：2025/12/12
活動起始　：2025/11/25	活動迄止　：2025/12/12
主辦單位　：	協辦單位　：
活動地點　：