CNNVD-202512-154 Information

CNNVD ID

CNNVD-202512-154

CVE-2025-66476

  • CNNVD Published: 2025-12-02

Description (Chinese)

Vim是Vim开源的一款跨平台的文本编辑器。 Vim 9.1.1947之前版本存在代码问题漏洞,该漏洞源于Windows上搜索路径控制不足,可能导致执行恶意可执行文件。

Description (English)

Vim is an open-source, cross-platform text editor from the Vim project. Versions of Vim before 9.1.1947 contain a code issue vulnerability that stems from insufficient control of the search path on Windows and may lead to the execution of a malicious executable.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Vim

Published

2025-12-02

Last Modified

2026-02-24

References

  • https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834
  • https://github.com/vim/vim/releases/tag/v9.1.1947
  • https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25
  • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66476

Patch

https://github.com/vim/vim/tags
