Skip to main content

Ubuntu EUVD-2025-200373

| CVE-2025-66476 HIGH
Uncontrolled Search Path Element (CWE-427)
2025-12-02 security-advisories@github.com
Information Disclosure Microsoft Ubuntu Debian Vim Windows Red Hat
7.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 14:04 euvd
EUVD-2025-200373
Analysis Generated
Mar 15, 2026 - 14:04 vuln.today
Patch released
Mar 15, 2026 - 14:04 nvd
Patch available
CVE Published
Dec 02, 2025 - 22:16 nvd
HIGH 7.8

DescriptionGitHub Advisory

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Analysis

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Technical ContextAI

This vulnerability is classified as Uncontrolled Search Path Element (CWE-427).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

More from same product – last 7 days

CVE-2026-47162 HIGH
7.3 Jun 11

Vimscript code injection in the netrw plugin shipped with Vim before 9.2.0495 allows attackers who can plant or have a v
CVE-2026-52859 MEDIUM
6.9 Jun 11

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program

CVE-2026-47167 MEDIUM
5.1 Jun 11

Code injection via unsanitized step-definition patterns in Vim's cucumber filetype plugin allows arbitrary Ruby and shel

Vendor StatusVendor

Ubuntu

Priority: Medium
vim
Release Status Version
upstream not-affected debian: Only affects Vim on Windows
bionic not-affected windows only
focal not-affected windows only
jammy not-affected windows only
noble not-affected windows only
plucky not-affected windows only
questing not-affected windows only
trusty not-affected windows only
xenial not-affected windows only

Debian

vim
Release Status Fixed Version Urgency
bullseye fixed 2:8.2.2434-3+deb11u1 -
bullseye (security) fixed 2:8.2.2434-3+deb11u3 -
bookworm fixed 2:9.0.1378-2+deb12u2 -
trixie fixed 2:9.1.1230-2 -
forky fixed 2:9.1.2141-1 -
sid fixed 2:9.2.0136-1 -
(unstable) not-affected - -

Share

EUVD-2025-200373 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy