EXECUTIVE SUMMARY:
A critical vulnerability in WinZip, tracked as CVE-2025-1240 with a CVSS score of 7.8, allows remote code execution via malformed 7Z archive files, potentially leading to full system compromise. The flaw stems from improper validation of 7Z file data, enabling attackers to craft malicious archives that trigger an out-of-bounds write in memory. Exploitation requires user interaction, such as opening a malicious file or visiting a compromised webpage, making phishing campaigns a likely attack vector. Users should update WinZip to the latest release and avoid opening untrusted 7Z files to prevent exploitation. Prompt patching is essential to mitigate the risk of remote code execution.