European Court Imposes Strict New Data Checks on Online Marketplace Ads

3 December 2025 at 00:34

CJEU ruling

Tuesday's ruling by the Court of Justice of the European Union (CJEU) has made it clear that online marketplaces are responsible for the personal data that appears in advertisements on their platforms. The decision makes clear that platforms must obtain consent from any person whose data is shown in an advertisement and must verify ads before they go live, especially where sensitive data is involved. The case stems from a 2018 incident in Romania. A fake advertisement on the classifieds website publi24.ro claimed a woman was offering sexual services. The post included her photos and phone number, which were used without her permission. The site's operator, Russmedia Digital, removed the ad within an hour, but by then it had already been copied to other websites. The woman said the ad harmed her privacy and reputation and took the company to court. Lower courts in Romania reached different decisions, so the case was referred to the CJEU for clarification. The CJEU has now confirmed that online marketplaces are data controllers under the GDPR for the personal data contained in ads on their sites.

CJEU Ruling: What Online Marketplaces Must Do Now

The court said that marketplace operators must take more responsibility and cannot rely on old rules that protect hosting services from liability. From now on, platforms must:
  • Check ads before publishing them when they contain personal or sensitive data.
  • Confirm that the person posting the ad is the same person shown in the ad, or make sure the person shown has given explicit consent.
  • Refuse ads if consent or identity verification cannot be confirmed.
  • Put measures in place to help prevent sensitive ads from being copied and reposted on other websites.
These steps must be part of the platform’s regular technical and organisational processes to comply with the GDPR.

What This Means for Platforms Across The EU

Legal teams at Pinsent Masons warned the decision “will likely have major implications for data protection across the 27 member states.” Nienke Kingma of Pinsent Masons said the ruling is important for compliance, adding it is “setting a new standard for data protection compliance across the EU.” Thijs Kelder, also at Pinsent Masons, said: “This judgment makes clear that online marketplaces cannot avoid their obligations under the GDPR,” and noted the decision “increases the operational risks on these platforms,” meaning companies will need stronger risk management. Daphne Keller of Stanford Law School warned about wider effects on free expression and platform design, noting the ruling “has major implications for free expression and access to information, age verification and privacy.”

Practical Impact

The CJEU ruling marks a major shift in how online marketplaces must operate. Platforms that allow users to post adverts will now have to rethink their processes, from verifying identities and checking personal data before an ad goes live to updating their terms and investing in new technical controls. Smaller platforms may feel the pressure most, as the cost of building these checks could be significant. What happens next will depend on how national data protection authorities interpret the ruling and how quickly companies can adapt. The coming months will reveal how verification should work in practice, what measures count as sufficient protection against reposting, and how platforms can balance these new duties with user privacy and free expression. The ruling sets a strict new standard, and its real impact will become clearer as regulators, courts, and platforms begin to implement it.

Critical 7-Zip Vulnerability CVE-2025-11001 Prompts NHS Cyber Alert

20 November 2025 at 08:15

CVE-2025-11001

A newly disclosed security flaw, tracked as CVE-2025-11001, puts users across both the public and private sectors at risk. The vulnerability, which affects all versions of 7-Zip before 25.00, allows attackers to execute malicious code remotely, potentially compromising critical systems. NHS Digital has issued a cyber alert urging organizations and users to take immediate action.

Details of the CVE-2025-11001 Vulnerability

CVE-2025-11001 is classified as a file-parsing directory traversal remote code execution vulnerability. With a CVSS score of 7.0, the flaw is rated high severity. Exploitation occurs through 7-Zip's handling of symbolic links during archive extraction. By crafting malicious archives, attackers can make 7-Zip write files outside the intended extraction directory, which allows executable files to be placed in sensitive system locations and later triggered to run arbitrary code. Security researchers have released a proof-of-concept (PoC) exploit demonstrating how CVE-2025-11001 can be leveraged. While the PoC is not a fully weaponized attack, it lowers the barrier for cybercriminals, leaving unpatched systems increasingly exposed.
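One form the pre-extraction check can take, added here as an example that is not 7-Zip's own code: each entry's path and, for symbolic links, the link target are resolved against the destination directory before anything is written, and an entry that would land or point outside it is refused. It assumes POSIX-style relative paths; the entry names are constructed.

```c
/* Added example, not 7-Zip's own code: the per-entry check an extractor
 * should run before writing anything, so that neither an entry's path nor a
 * symlink it creates reaches outside the destination. Names are constructed. */
#include <stddef.h>
/* Walk a relative path starting 'depth' levels below the destination: '.' is
 * ignored, '..' goes up, anything else goes down. Returns the final depth,
 * or -1 as soon as the walk rises above the destination (path escapes). */
static int walk(const char *path, int depth) {
    while (*path) {
        const char *start = path;
        while (*path && *path != '/') path++;
        size_t len = (size_t)(path - start);
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (--depth < 0) return -1;
        } else if (len > 0 && !(len == 1 && start[0] == '.')) {
            depth++;
        }
        while (*path == '/') path++;
    }
    return depth;
}

enum { ENTRY_OK = 0, ENTRY_ABSOLUTE = 1, ENTRY_TRAVERSAL = 2, LINK_ESCAPES = 3 };

/* Classify one archive entry; link_target is NULL for non-link entries. */
int check_entry(const char *path, const char *link_target) {
    if (path[0] == '/') return ENTRY_ABSOLUTE;
    int depth = walk(path, 0);
    if (depth < 0) return ENTRY_TRAVERSAL;
    if (link_target != NULL) {
        /* A target resolves relative to the link's directory (one level above
         * the link). Refusing links that resolve outside the destination also
         * stops later entries being written through them, as described above. */
        if (link_target[0] == '/' || depth < 1) return LINK_ESCAPES;
        if (walk(link_target, depth - 1) < 0) return LINK_ESCAPES;
    }
    return ENTRY_OK;
}

/* Constructed listing: a normal file, a link climbing out of the destination,
 * a file that would be written through it, and a link that stays inside. */
static const char *SAMPLE[][2] = {
    {"docs/readme.txt", NULL}, {"docs/link", "../../../../etc"},
    {"docs/link/cron.d/job", NULL}, {"docs/inner", "readme.txt"}};

int rejected_in_sample(void) { /* entries an extractor would refuse */
    int n = 0;
    for (size_t i = 0; i < 4; i++) n += check_entry(SAMPLE[i][0], SAMPLE[i][1]) != ENTRY_OK;
    return n;
}
```

Refusing the escaping link is what protects the later `docs/link/cron.d/job` entry, whose own path looks harmless; an extractor that only normalises entry paths would still write it through the link.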

Impact and Threat Assessment

All 7-Zip versions before 25.00 are at risk, which includes a vast number of enterprise systems, government agencies, and personal computers. The NHS Digital cybersecurity team has classified this issue as Threat ID CC-4719 with medium severity, highlighting the urgent need for patching. Although initial reports suggested active exploitation in the wild, a subsequent update on November 20, 2025, clarified that no confirmed exploitation of CVE-2025-11001 has been observed by NHS England's National Cyber Security Operations Centre (CSOC). The National CSOC did confirm the existence of the public PoC exploit and indicated that exploitation remains likely in the future if systems are left unpatched. Given how widely 7-Zip is deployed, the potential attack surface is significant. A successful attack could allow unauthorized access to sensitive systems and facilitate the deployment of additional malware payloads.

Remediation and Recommendations

In response to CVE-2025-11001, 7-Zip released version 25.00, which addresses the vulnerability and mitigates the risk of remote code execution via malicious archive files. Organizations and individual users are strongly advised to upgrade immediately; delaying the update leaves systems exposed once more attacks emerge. System administrators should prioritize updating all endpoints and servers running vulnerable 7-Zip versions. Applying the patch removes the directory traversal flaw and with it the possibility of arbitrary code execution through symbolic link abuse.

Conclusion

CVE-2025-11001 is a high-severity 7-Zip vulnerability. While NHS systems haven’t seen confirmed exploitation, the public proof-of-concept raises the risk. Organizations should update to 7-Zip 25.00 or later and report incidents to NHS Digital. To stay protected from threats like CVE-2025-11001, Cyble provides AI-driven vulnerability intelligence, helping organizations prioritize and patch critical risks before they are exploited. Schedule a personalized demo with Cyble to protect your systems today.

Zero-click Dolby audio bug lets attackers run code on Android and Windows devices

22 October 2025 at 08:00

Researchers from Google’s Project Zero discovered a medium-severity remote code execution (RCE) vulnerability that affects multiple platforms, including Android (Samsung and Pixel devices) and Windows. Remote code execution means an attacker could run programs on your device without your permission. The flaw, found in Dolby’s Unified Decoder Component (UDC) that handles audio playback, can be triggered automatically when a device receives an audio message—no tap or user action required.

The flaw affects Android devices that use Dolby audio processing (for example, Google Pixel and Samsung smartphones) and Windows systems running Dolby UDC versions 4.5–4.13. Other vendors that integrate Dolby’s decoding capabilities may also be indirectly impacted, depending on their library updates.

Tracked as CVE-2025-54957, the problem arises from the way the Dolby UDC handles “evolution data.” In the context of Dolby Digital Plus (DD+) audio streams, evolution data refers to a specialized extension block introduced in later versions of Dolby’s codecs to support additional functionality, such as higher channel counts, advanced loudness metadata, and dynamic range adjustments.

The buffer overflow occurs when the decoder parses the evolution data and miscalculates the size of incoming packets. Because this data block can vary in length, depending on the metadata or the embedded audio mode, the faulty length calculation can lead to insufficient buffer allocation. Malformed data can then overwrite adjacent memory and potentially allow remote code execution.

Buffers are areas of memory set aside to hold data. When a buffer overflow happens, it can overwrite neighboring memory areas, which may contain other data or executable code. This overwriting is not a deliberate action by the program but an unintended consequence of the vulnerability, which could have been prevented by bounds checking.
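To show what that bounds checking looks like for a variable-length extension block of the kind described above, here is an added example that is not Dolby's code: the block layout (1-byte flags, 1-byte channel count, 2-byte declared payload length, payload) is an assumed stand-in for illustration, not Dolby's bitstream syntax, and the sample packets are constructed.

```c
/* Added example, not Dolby's code: a parser for a length-prefixed extension
 * block of the kind described above, with the two bounds checks whose absence
 * turns a miscalculated size into a buffer overflow. The layout (1-byte flags,
 * 1-byte channel count, 2-byte payload length, payload) is a constructed
 * stand-in, not Dolby's real bitstream syntax. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FLAG_LOUDNESS 0x01 /* extended loudness metadata present */
#define FLAG_DRC      0x02 /* dynamic-range control block present */
#define MAX_CHANNELS  16
#define MAX_PAYLOAD   (MAX_CHANNELS * 2 + 4 + 8)

enum { EVO_OK = 0, EVO_SHORT = 1, EVO_BAD_CHANNELS = 2,
       EVO_LEN_MISMATCH = 3, EVO_TRUNCATED = 4 };

struct evo_block {
    uint8_t flags, channels;
    uint16_t payload_len;
    uint8_t payload[MAX_PAYLOAD]; /* fixed-size decoder buffer */
};

/* Payload size implied by the metadata: 2 bytes per channel plus optional
 * loudness (4) and DRC (8) sections. The vulnerable pattern is to size the
 * buffer from this while copying the declared length from the stream. */
static size_t expected_len(uint8_t flags, uint8_t channels) {
    return (size_t)channels * 2 + ((flags & FLAG_LOUDNESS) ? 4 : 0)
                                + ((flags & FLAG_DRC) ? 8 : 0);
}

int parse_evo(const uint8_t *pkt, size_t pkt_len, struct evo_block *out) {
    if (pkt_len < 4) return EVO_SHORT;
    out->flags = pkt[0];
    out->channels = pkt[1];
    out->payload_len = (uint16_t)((pkt[2] << 8) | pkt[3]);
    if (out->channels == 0 || out->channels > MAX_CHANNELS) return EVO_BAD_CHANNELS;
    /* Check 1: the declared length must match what the metadata implies, so
     * it can never exceed the buffer sized for MAX_CHANNELS. */
    if (out->payload_len != expected_len(out->flags, out->channels)) return EVO_LEN_MISMATCH;
    /* Check 2: the packet must really contain that many bytes. */
    if (pkt_len - 4 < out->payload_len) return EVO_TRUNCATED;
    memcpy(out->payload, pkt + 4, out->payload_len);
    return EVO_OK;
}

/* Constructed packets: a valid 2-channel block with loudness data (8-byte
 * payload) and one declaring 0x1000 payload bytes it does not carry. */
const uint8_t GOOD_PKT[] = {0x01, 0x02, 0x00, 0x08, 1, 2, 3, 4, 5, 6, 7, 8};
const uint8_t BAD_PKT[]  = {0x01, 0x02, 0x10, 0x00, 1, 2, 3, 4, 5, 6, 7, 8};
```

Without check 1, BAD_PKT would drive a 4096-byte copy into a 40-byte buffer; without check 2, a packet cut short would make the decoder read past the end of its input.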

While not every overflow is malicious, the behavior of buffer overflows can be exploited. Attackers can use them to disrupt the operation of other programs, causing them to malfunction, expose secrets, or even run malicious code. In fact, buffer overflow vulnerabilities are the most common security vulnerabilities today.

The vulnerability is exploitable by sending a target a specially crafted audio file. An attacker could make a phone or PC run malicious code inside the audio-decoding process, leading to crashes or unauthorized control. It’s similar to getting a song stuck in your head so badly that you can’t think of anything else and end up dancing off a cliff.

The abuse of CVE-2025-54957 is not a purely hypothetical case. In its official October 14 security advisory, Dolby mentions that it is:

“aware of a report found with Google Pixel devices indicating that there is a possible increased risk of vulnerability if this bug is used alongside other known Pixel vulnerabilities. Other Android mobile devices could be at risk of similar vulnerabilities.”

Dolby did not reveal any details, but just looking at the September 2025 Android security updates, there are several patches that could plausibly be chained with this bug to allow a local attacker to gain an elevation of privilege (EoP).

How to stay safe

To prevent falling victim to an attack using this vulnerability, there are a few things you can do.

  • Don’t open unsolicited attachments, including sound files.
  • Install updates promptly. Dolby has released fixes that device makers must roll into firmware and OS updates—enable automatic updates where possible.
  • Use an up-to-date real-time anti-malware solution, preferably with a web component.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
