Vulnerability Description
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vim | Vim | >= 9.1.1459, < 9.1.1616 |
Related Weaknesses (CWE)
References
- https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=shariExploit
- https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0Patch
- https://github.com/vim/vim/issues/17944ExploitIssue TrackingVendor Advisory
- https://github.com/vim/vim/pull/17947ExploitIssue Tracking
- https://github.com/vim/vim/releases/tag/v9.1.1616Release Notes
- https://vuldb.com/?ctiid.321223Permissions RequiredVDB Entry
- https://vuldb.com/?id.321223Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.630903ExploitThird Party AdvisoryVDB Entry
- https://github.com/vim/vim/issues/17944ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?submit.630903ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2025-9390?
CVE-2025-9390 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overfl...
How severe is CVE-2025-9390?
CVE-2025-9390 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9390?
Check the references section above for vendor advisories and patch information. Affected products include: Vim Vim.