Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option 

A critical remote code execution vulnerability in 7-Zip (CVE-2025-11001) arising from improper symbolic-link handling in ZIP archives is being actively exploited; it has CVSS v3 7.0, affects versions prior to 25.0.0 (with a related CVE-2025-11002), and has been observed across sectors such as healthcare and finance with an NHS advisory urging immediate updates. The report urges updating to 7-Zip 25.00 or later and highlights Qualys Patch Management as an automated remediation approach to mitigate risk.