CVE-2025-53905
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-15

Last updated on: 2025-11-04

Assigner: GitHub, Inc.

Description
Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-15
Last Modified
2025-11-04
Generated
2026-05-07
AI Q&A
2025-07-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53905
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vim vim to 9.1.1552 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

The impact is considered low because exploitation requires direct user interaction. However, if exploited, it can result in overwriting sensitive files or placing executable code in privileged locations, potentially allowing execution of arbitrary commands on the underlying operating system. This could compromise system integrity and security depending on the permissions of the Vim process.


Can you explain this vulnerability to me?

This vulnerability is a path traversal issue in Vim's tar.vim plugin prior to version 9.1.1552. It allows an attacker to overwrite arbitrary files by opening specially crafted tar archives. Exploitation requires direct user interaction, specifically the victim editing such a crafted file with Vim. If successful, it can lead to overwriting sensitive files or placing executable code in privileged locations depending on the permissions of the process running Vim.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves verifying the Vim version installed on your system. You can check the Vim version by running the command: vim --version. If the version is prior to 9.1.1552, the system is vulnerable. Additionally, monitoring for unusual file overwrites or unexpected behavior when opening tar archives with Vim may indicate exploitation attempts. There are no specific network detection commands since this vulnerability requires direct user interaction.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Vim to version 9.1.1552 or later, which contains the patch for this vulnerability. Until the upgrade is applied, avoid opening untrusted or specially crafted tar archives with Vim to prevent exploitation. Educate users about the risk of opening suspicious files with Vim.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart