CVE-2025-29768 — Argument Injection in Azl3 VIM 9.1.1198-1 ON Azure Linux 3.0

CWE-88 — Argument Injection5 documents5 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 69.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM Msrc Azl3 VIM 9.1.1164-1 ON Azure Linux 3.0 +3 more

Timeline

PublishedMar 13

Description

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages7 packages

▶msrcmsrc/azl3_vim_9.1.1198-1_on_azure_linux_3.0

▶msrcmsrc/cbl2_vim_9.1.1198-1_on_cbl_mariner_2.0

▶NVDvim/vim< 9.1.1198

▶debiandebian/vim< vim 2:9.1.1230-1 (forky)

▶Debianvim/vim< 2:9.1.1230-1+1

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-29768: Vim, a text editor, is vulnerable to potential data loss with zip↗2025-03-13

▶

📋Vendor Advisories

Red Hat

vim: Vim vulnerable to potential data loss with zip.vim and special crafted zip files↗2025-03-13

▶

Microsoft

Vim vulnerable to potential data loss with zip.vim and special crafted zip files↗2025-03-11

▶

Debian

CVE-2025-29768: vim - Vim, a text editor, is vulnerable to potential data loss with zip.vim and specia...↗2025

▶