What the vulnerability does

01Description

SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item.

Key dates

02Disclosure timeline

January 3, 2023 CVE published
April 10, 2025 Record updated