CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
GitHub_MCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Debian logo
Debian Releases
Debian Product
Codename
vim
bullseye
2:8.2.2434-3+deb11u1
fixed
bullseye (security)
2:8.2.2434-3+deb11u3
fixed
bookworm
2:9.0.1378-2+deb12u2
fixed
trixie
2:9.1.1230-2
fixed
forky
2:9.1.1882-1
fixed
sid
2:9.1.1882-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
questing
needs-triage
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25
https://github.com/vim/vim/releases/tag/v9.1.1947
https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834
http://www.openwall.com/lists/oss-security/2025/12/02/5