CNNVD-202507-2060 Information

CNNVD ID

CNNVD-202507-2060

Related CVE

CVE-2025-53906

• CNNVD Published: 2025-07-15

Description (Chinese)

Vim是Vim开源的一款跨平台的文本编辑器。 Vim 9.1.1551之前版本存在路径遍历漏洞，该漏洞源于zip.vim插件存在路径遍历问题，可能导致任意文件覆盖。

Description (English)

Vim is a cross-platform text editor for Vim Open Source. Vim 9.1.1551 had a loophole in the path prior to that, which stemmed from the zip.vim plugin ’ s routing problem, which could lead to arbitrary document coverage.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Vim

Published

2025-07-15

Last Modified

2026-02-24

References

https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://vigilance.fr/vulnerability/Vim-file-write-via-tar-and-zip-extension-47729 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://access.redhat.com/security/cve/cve-2025-53906

Patch

https://github.com/vim/vim