CVE-2025-9389
BaseFortify
Publication date: 2025-08-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vim | vim | 9.1.0000 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9389 is a memory corruption vulnerability in vim version 9.1.0000, specifically in the xxd utility's autoskip mode (-a flag). The issue arises from improper boundary checking in the null-line detection and replacement logic, where consecutive all-zero lines are collapsed into a single asterisk ('*'). This leads to incorrect memory offset calculations and an out-of-bounds memory access during a memmove operation; the crash surfaces in glibc's memmove implementation, __memmove_avx_unaligned_erms, as memory corruption followed by a segmentation fault. The vulnerability requires local access to exploit and can be triggered by specially crafted input files. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause memory corruption and program crashes (segmentation faults) in vim's xxd utility when processing crafted input files with the autoskip flag enabled. This impacts system availability by causing unexpected termination of the utility, potentially disrupting workflows that rely on xxd. Since the exploit requires local access, an attacker with local privileges could use this flaw to destabilize the system or cause denial of service. No direct remote exploitation or privilege escalation is indicated. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash using the xxd utility with the autoskip flag (-a) on a crafted input file that triggers the memory corruption. Specifically, compile xxd with debugging symbols and run the command: `./xxd -a POC_xxd_autoskip_segfault`. If the program crashes with a segmentation fault (SIGSEGV) inside the memmove operation, the vulnerable code is present. Monitoring for crashes or segmentation faults in xxd while it processes files with the autoskip flag can also help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable vim 9.1.0000 and its xxd utility with the autoskip flag (-a). Since no known countermeasures exist, replacing vim with an alternative product or using a version of vim that is not affected by this vulnerability is recommended. Additionally, restricting local access to systems running the vulnerable software can reduce the risk, as exploitation requires local access. [1]