CVE-2025-1215Improper Restriction of Operations within the Bounds of a Memory Buffer in VIM

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-134Use of Externally-Controlled Format String10 documents8 sources
Severity
2.4LOWNVD
EPSS
0.0%
top 87.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
VIMDebian VIMMsrc Azl3 VIM 9.1.0791-4 ON Azure Linux 3.0+7 more
Timeline
PublishedFeb 12
Latest updateFeb 12

Description

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages13 packages

NVDvim/vim< 9.1.1097
debiandebian/vim< vim 2:9.1.1113-1 (forky)
Debianvim/vim< 2:9.1.1113-1+1
Ubuntuvim/vim< 2:8.1.2269-1ubuntu5.32+5
CVEListV5vim/vim9.1.1096

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
vim vulnerabilities2025-04-07
GHSA
GHSA-6wvf-533r-84vc: A vulnerability classified as problematic was found in vim up to 92025-02-12
OSV
CVE-2025-1215: A vulnerability classified as problematic was found in vim up to 92025-02-12

📋Vendor Advisories

5
Ubuntu
Vim vulnerabilities2025-04-07
Red Hat
vim: vim main.c memory corruption2025-02-12
Microsoft
vim main.c memory corruption2025-02-11
Debian
CVE-2025-1215: vim - A vulnerability classified as problematic was found in vim up to 9.1.1096. This ...2025
Microsoft
A format string vulnerability was found in libinput2022-05-10

📄Research Papers

1
arXiv
From CVE Entries to Verifiable Exploits: An Automated Multi-Agent Framework for Reproducing CVEs2026-02-12
CVE-2025-1215 — VIM vulnerability | cvebase