CVE-2025-29768
MEDIUM
Vim < 9.1.1198 - Data Loss via Crafted Zip File in zip.vim
Title source: llm
Description
Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
References (3)
Core References
Third Party Advisory: https://security.netapp.com/advisory/ntap-20250502-0001/
Vendor Advisory (x_refsource_confirm): https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf
Patch (x_refsource_misc): https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531
Scores
CVSS v3: 4.4
EPSS: 0.0034
EPSS Percentile: 26.1%
Attack Vector: LOCAL
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-88
Status: published
Products (2)
netapp/bootstrap_os
vim/vim < 9.1.1198
Published: Mar 13, 2025
Tracked Since: Feb 18, 2026