Memory Corruption in Vim Affects Local Host Operations
CVE-2025-1215

2.4LOW

Key Information:

Vendor

Vim

Status
Vim
Vendor
CVE Published:
12 February 2025

What is CVE-2025-1215?

A memory corruption vulnerability in Vim has been identified, affecting versions up to 9.1.1096. The issue arises due to improper handling of the --log argument in the src/main.c file, which could be exploited locally. Successful exploitation may lead to unauthorized access or manipulation of data within the application. Users are strongly advised to upgrade to version 9.1.1097 to eliminate this risk. The fix is documented in patch c5654b84480822817bb7b69ebc97c174c91185e9.

Affected Version(s)

vim 9.1.1096

References

https://vuldb.com/?id.295174
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295174
signaturepermissions-required
https://vuldb.com/?submit.497546
third-party-advisory

CVSS V4

Score:
2.4
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wenjusun (VulDB User)
.