CVE-2025-29768
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
3Description
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
Analysis
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.
Technical Context
This vulnerability is classified under CWE-88. Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198. Affected products include: Vim, Netapp Bootstrap Os. Version information: prior to 9.1.1198..
Affected Products
Vim, Netapp Bootstrap Os.
Remediation
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today