CVE-2025-66476: Uncontrolled Search Path Element in VIM

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 92.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 2; latest update Dec 9

Description

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it ma
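The description above turns on one detail of Windows command resolution: when a bare command name such as findstr is handed to cmd.exe, the current directory is probed (with each PATHEXT extension) before any PATH entry, so an executable planted next to the edited file wins. The following is an added example, not code from Vim or from this page: it models that search order on an in-memory file set and reports which tools Vim spawns would be hijacked from a given directory. The tool list (findstr for :grep, make for :make), the fake file system, and the directory names are constructed for the demonstration; the search_cwd=False mode models the Microsoft-documented NoDefaultCurrentDirectoryInExePath behaviour as a comparison point, not as a statement of how the 9.1.1947 fix works, which this page does not describe.

```python
"""Model of the cmd.exe command search order behind CVE-2025-66476 and a
check for executables that shadow tools Vim runs through the shell.

Added example; not code from Vim or from the advisory page. The file set,
PATH layout and tool list below are constructed for the demo.
"""
from pathlib import PureWindowsPath

# Extensions cmd.exe appends when a bare command name is given (a default PATHEXT subset).
PATHEXT = (".COM", ".EXE", ".BAT", ".CMD")

# Tools Vim commonly spawns on Windows. Assumption for the demo: findstr for :grep,
# make for :make. Anything typed after :! is resolved the same way.
VIM_TOOLS = ("findstr", "make")


def candidates(name, directory):
    """Yield the file names cmd.exe would probe for `name` inside `directory`."""
    p = PureWindowsPath(directory)
    if PureWindowsPath(name).suffix:  # explicit extension: probed as given
        yield p / name
        return
    for ext in PATHEXT:
        yield p / (name + ext)


def resolve_command(name, cwd, path_dirs, exists, search_cwd=True):
    """Return the path cmd.exe would run for `name`, or None if nothing matches.

    Current directory first, then each PATH entry in order. search_cwd=False
    models NoDefaultCurrentDirectoryInExePath being set: the cwd is skipped.
    """
    dirs = ([cwd] if search_cwd else []) + list(path_dirs)
    for d in dirs:
        for c in candidates(name, d):
            if exists(c):
                return str(c)
    return None


def shadowed_tools(file_dir, path_dirs, exists, tools=VIM_TOOLS):
    """List (tool, hijacked_path, expected_path) for every tool that resolves
    into `file_dir` instead of its PATH location when `file_dir` is the cwd.

    `exists` is a predicate on a path; pass os.path.isfile to run this against
    a real directory before opening a file from an untrusted location.
    """
    hits = []
    for t in tools:
        hijacked = resolve_command(t, file_dir, path_dirs, exists)
        expected = resolve_command(t, file_dir, path_dirs, exists, search_cwd=False)
        if hijacked and hijacked != expected:
            hits.append((t, hijacked, expected))
    return hits


# --- constructed demo file system (not a real machine) ---
FAKE_FS = {
    r"C:\Windows\System32\findstr.exe",
    r"C:\Tools\make.exe",
    r"C:\Users\alice\untrusted\findstr.exe",  # planted next to the edited file
    r"C:\Users\alice\untrusted\notes.txt",
}
PATH_DIRS = (r"C:\Windows\System32", r"C:\Tools")
EDITED_FILE_DIR = r"C:\Users\alice\untrusted"


def fake_exists(p):
    # Case-insensitive comparison, as NTFS name lookups are.
    return str(p).lower() in {f.lower() for f in FAKE_FS}


def demo():
    """Run the shadowing check on the constructed layout."""
    return shadowed_tools(EDITED_FILE_DIR, PATH_DIRS, fake_exists)


if __name__ == "__main__":
    for tool, bad, good in demo():
        print(f"{tool}: cmd.exe would run {bad} instead of {good}")
```

Running it reports that :grep would execute the planted findstr rather than the System32 copy, while make is unaffected because nothing in the edited file's directory matches it. The same resolver, given a real `os.path.isfile`, is a cheap pre-flight check for a directory you are about to open files from on an unpatched Vim.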

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Patches

Vulnerability Details (1)

OSV: CVE-2025-66476: Vim is an open source, command line text editor (2025-12-02)

Vendor Advisories (3)

Microsoft: Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability (2025-12-09)
Red Hat: vim: Vim for Windows: Uncontrolled search path vulnerability allows arbitrary code execution (2025-12-02)
Debian: CVE-2025-66476: vim - Vim is an open source, command line text editor. Prior to version 9.1.1947, an u... (2025)
CVE-2025-66476 — Uncontrolled Search Path Element | cvebase