CVE-2025-53905 — Path Traversal in Azl3 VIM 9.1.1552-1 ON Azure Linux 3.0

CWE-22 — Path Traversal6 documents6 sources

Severity

4.1MEDIUMNVD

EPSS

0.0%

top 92.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM Msrc Azl3 VIM 9.1.1198-1 ON Azure Linux 3.0 +3 more

Timeline

PublishedJul 15

Latest updateSep 15

Description

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a fi…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:LExploitability: 1.0 | Impact: 2.7

Affected Packages7 packages

▶msrcmsrc/azl3_vim_9.1.1552-1_on_azure_linux_3.0

▶msrcmsrc/cbl2_vim_9.1.1552-1_on_cbl_mariner_2.0

▶NVDvim/vim< 9.1.1552

▶debiandebian/vim< vim 2:9.1.1829-1 (forky)

▶Debianvim/vim< 2:9.1.1829-1

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-53905: Vim is an open source, command line text editor↗2025-07-15

▶

📋Vendor Advisories

Ubuntu

Vim vulnerabilities↗2025-09-15

▶

Red Hat

vim: Vim path traversial↗2025-07-15

▶

Microsoft

Vim has path traversial issue with tar.vim and special crafted tar files↗2025-07-08

▶

Debian

CVE-2025-53905: vim - Vim is an open source, command line text editor. Prior to version 9.1.1552, a pa...↗2025

▶