CNNVD-202507-2057 Information

CNNVD ID

CNNVD-202507-2057

CVE-2025-53905

  • CNNVD Published: 2025-07-15

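Description (translated from Chinese)

Vim is a cross-platform text editor from the Vim open-source project. Versions of Vim before 9.1.1552 contain a path traversal vulnerability, which stems from a path traversal issue in the tar.vim plugin and may lead to arbitrary file overwrite.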

Description (English)

Vim is an open-source, cross-platform text editor. Versions of Vim before 9.1.1552 contain a path traversal vulnerability that stems from a path traversal issue in the tar.vim plugin and could lead to arbitrary file overwrite.

Hazard Level

High

Vulnerability Type

Path traversal

Affected Vendor

Vim

Published

2025-07-15

Last Modified

2026-02-24

References

  • https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239
  • https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr
  • https://vigilance.fr/vulnerability/Vim-file-write-via-tar-and-zip-extension-47729
  • https://access.redhat.com/security/cve/cve-2025-53905
  • https://nvd.nist.gov/vuln/detail/CVE-2025-53905

Patch

https://github.com/vim/vim
