CVE-2025-29768

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531
https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
https://security.netapp.com/advisory/ntap-20250502-0001/

Configurations

No configuration.

History

02 May 2025, 23:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20250502-0001/ -
Summary		(es) Vim, un editor de texto, es vulnerable a la posible pérdida de datos con zip.vim y archivos zip manipulados especialmente en versiones anteriores a la 9.1.1198. El impacto es moderado, ya que es necesario que el usuario visualice dicho archivo con Vim y luego presione "x" en un nombre de archivo tan extraño. El problema se ha solucionado con el parche de Vim v9.1.1198.

13 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-13 17:15

Updated : 2025-05-02 23:15

NVD link : CVE-2025-29768

Mitre link : CVE-2025-29768

CVE.ORG link : CVE-2025-29768

JSON object : View

Products Affected

No product.

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

4.4 /10