Path Traversal Vulnerability in Vim's Tar Plugin Affects Open Source Text Editor
CVE-2025-53905
What is CVE-2025-53905?
Vim, the popular open-source command-line text editor, is affected by a path traversal vulnerability in its tar.vim plugin. In versions prior to 9.1.1552, opening a malformed tar archive can overwrite arbitrary files. The impact is considered low because exploitation requires user interaction, but successful exploitation can have serious consequences, such as overwriting sensitive files or executing arbitrary code, depending on the permissions granted to the process. Users should be cautious when editing such files with Vim: unusual file names and content may indicate malicious activity. Version 9.1.1552 includes patches that mitigate this risk.

Affected Version(s)
vim < 9.1.1552
