CVE-2025-53906 Vim has path traversal issue with zip.vim and special crafted zip archives
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...
CVE-2025-53906
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...
Vim path traversal vulnerability
Vim is a cross-platform text editor from the Vim open source project. A path traversal vulnerability exists in versions prior to Vim 9.1.1551, which stems from a path traversal issue in the zip.vim plugin that could lead to arbitrary file overwrites...
PT-2025-29686
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.1551 Description: Vim, an open-source command-line text editor, contains a path traversal issue within its zip.vim plugin. This issue allows overwriting of arbitrary files when opening specially crafted zip archives...
Security update for vim
This update for vim fixes the following issues: CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss bsc1228776. CVE-2025-29768: Fixed double-free in dialogchanged bsc1239602. Patch Instructions: To install this SUSE update use the SUSE...
AZL-58632 CVE-2025-29768 affecting package vim for versions less than 9.1.1198-1
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...
DEBIAN-CVE-2025-29768
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...
UBUNTU-CVE-2025-29768
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...
Vim parameter injection vulnerability
Vim is a cross-platform text editor from the Vim open source project. A parameter injection vulnerability exists in Vim versions prior to 9.1.1198, which stems from zip.vim and specially crafted zip files that may result in data loss...
PT-2025-11214
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.1198 Description: The issue concerns potential data loss when using Vim with the zip.vim plugin and specially crafted zip files. The impact is considered medium as it requires a user to view the malicious archive wit...
Scientific Linux Security Update : vim on SL3.x, SL4.x, SL5.x i386/x86_64
Several input sanitization flaws were found in Vim's keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. CVE-2008-4101 SL3 and SL4 Only: A heap-based overflow flaw was discovered in Vim's...
Mandriva Update for vim MDVSA-2008:236 (vim)
Check for the Version of vim OpenVAS Vulnerability Test Mandriva Update for vim MDVSA-2008:236 vim Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Mandriva Update for vim MDVSA-2008:236-1 (vim)
Check for the Version of vim OpenVAS Vulnerability Test Mandriva Update for vim MDVSA-2008:236-1 vim Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
CVE-2008-3075
CVE-2008-3075 affects Vim 7.0–7.2 (including 7.2a.10) via the shellescape vulnerability in the ZIP plugin (zipPlugin.vim v.11–v.21). An attacker can exploit the exclamation mark metacharacter in a ZIP filename (and possibly the first file inside) to execute arbitrary code; root cause tied to an i...
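Vim multiple plugins character escaping arbitrary command execution vulnerability
BUGTRAQ ID: 32462,32463 CVECAN ID: CVE-2008-3074,CVE-2008-3074 VIM is a free, open source text editor that can be used on Unix/Linux operating systems. The shellescape function in VIM's tar.vim and zip.vim plugins does not correctly escape all items (the "!" character). If a user opens a TAR archive with the tar.vim plugin, arbitrary commands are executed with the privileges of the user running Vim. VIM Development Group VIM 7.1 VIM Development Group VIM 7.0 RedHat ------...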
RHEL 5 : vim (RHSA-2008:0580)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0580 advisory. - vim format string flaw CVE-2007-2953 - vim: command execution via scripts not sanitizing inputs to execute and system CVE-2008-2712 - Vim...
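Vim multiple shell command injection vulnerabilities
BUGTRAQ ID: 29715 VIM is a free, open source text editor that can be used on Unix/Linux operating systems. VIM's filetype.vim, tar.vim, zip.vim, xpm.vim, xpm2.vim, gzip.vim and netrw.vim scripts do not correctly escape special characters in file names passed to the execute statement. If a user is tricked into opening a malicious file, arbitrary shell commands may be injected and executed on the affected system. VIM Development Group VIM 7.1.314 VIM Development Group VIM 6.4 VIM Development Group...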