Skip to main content
CVE-2025-53906 MEDIUM POC PATCH This Month

Path traversal in Vim's zip.vim plugin prior to version 9.1.1551 allows local attackers to overwrite arbitrary files when a user opens a specially crafted zip archive, potentially enabling arbitrary command execution if sensitive files or privileged locations are targeted. The vulnerability requires direct user interaction (opening a malicious zip file in Vim) and has low real-world impact due to high attack complexity and local attack vector, though publicly available exploit code exists. EPSS exploitation probability is minimal at 0.03% (7th percentile), reflecting the friction imposed by user interaction requirements.

Vim Path Traversal RCE Red Hat Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy