CVE-2025-9389

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
vimvim
9.1.0000
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bullseye
2:8.2.2434-3+deb11u1
fixed
bullseye (security)
2:8.2.2434-3+deb11u3
fixed
bookworm
2:9.0.1378-2+deb12u2
fixed
forky
2:9.1.1230-2
fixed
trixie
2:9.1.1230-2
fixed
sid
2:9.1.1846-1
fixed
Common Weakness Enumeration
References
https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing
https://github.com/vim/vim/issues/17940
https://github.com/vim/vim/issues/17940#issuecomment-3203415781
https://vuldb.com/?ctiid.321222
https://vuldb.com/?id.321222
https://vuldb.com/?submit.630898
https://github.com/vim/vim/issues/17940
https://github.com/vim/vim/issues/17940#issuecomment-3203415781
https://vuldb.com/?submit.630898