CVE-2025-29768

EUVD-2025-6366
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
Argument Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.1.1198
netappbootstrap_os
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
no-dsa
bullseye
2:8.2.2434-3+deb11u1
fixed
bullseye (security)
2:8.2.2434-3+deb11u3
fixed
forky
2:9.2.0524-1
fixed
sid
2:9.2.0524-1
fixed
trixie
2:9.1.1230-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 12 SP3
9.1.1406-17.48.1
fixed
suse enterprise server 12 SP5
9.1.1406-17.48.1
fixed
suse enterprise server 15 SP2
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP5
9.1.1406-150500.20.27.1
fixed
vim
suse enterprise desktop 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise desktop 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise server 12 SP3
9.1.1406-17.48.1
fixed
suse enterprise server 12 SP5
9.1.1406-17.48.1
fixed
suse enterprise server 15 SP2
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP5
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP7
9.1.1406-150500.20.27.1
fixed
vim-data
suse enterprise desktop 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise desktop 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise server 12 SP3
9.1.1406-17.48.1
fixed
suse enterprise server 12 SP5
9.1.1406-17.48.1
fixed
suse enterprise server 15 SP2
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP5
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP7
9.1.1406-150500.20.27.1
fixed
vim-data-common
suse enterprise desktop 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise desktop 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise server 12 SP3
9.1.1406-17.48.1
fixed
suse enterprise server 12 SP5
9.1.1406-17.48.1
fixed
suse enterprise server 15 SP2
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP5
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP7
9.1.1406-150500.20.27.1
fixed
vim-small
suse enterprise desktop 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise desktop 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise sap 15 SP7
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP5
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP6
9.1.1406-150500.20.27.1
fixed
suse enterprise server 15 SP7
9.1.1406-150500.20.27.1
fixed
xxd
suse enterprise sap 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise sap 15 SP4
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP2
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP3
9.1.1406-150000.5.75.1
fixed
suse enterprise server 15 SP4
9.1.1406-150000.5.75.1
fixed
Common Weakness Enumeration
References
https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531
https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
https://security.netapp.com/advisory/ntap-20250502-0001/