Vulnerability Description
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vim | Vim | < 9.1.1198 |
| Netapp | Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
Related Weaknesses (CWE)
References
- https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531Patch
- https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmfVendor Advisory
- https://security.netapp.com/advisory/ntap-20250502-0001/Third Party Advisory
FAQ
What is CVE-2025-29768?
CVE-2025-29768 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an arch...
How severe is CVE-2025-29768?
CVE-2025-29768 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-29768?
Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim, Netapp Bootstrap Os, Netapp Hci Compute Node.