Vulnerability Description
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vim | Vim | < 9.1.1947 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25Patch
- https://github.com/vim/vim/releases/tag/v9.1.1947Release Notes
- https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2025/12/02/5Mailing ListPatchThird Party Advisory
FAQ
What is CVE-2025-66476?
CVE-2025-66476 is a vulnerability with a CVSS score of 7.8 (HIGH). Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current worki...
How severe is CVE-2025-66476?
CVE-2025-66476 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-66476?
Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim, Microsoft Windows.