CVE-2025-1215

low-risk

Published 2025-02-12

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.8/10 Low

LOCAL / LOW complexity

Affected Products (2)

Vim

Bootstrap Os

Affected Vendors

Netapp Vim

References (9)

Patch https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9

Exploit https://github.com/vim/vim/issues/16606

Release Notes https://github.com/vim/vim/releases/tag/v9.1.1097

Permissions Required https://vuldb.com/?ctiid.295174

Third Party Advisory https://vuldb.com/?id.295174

Third Party Advisory https://vuldb.com/?submit.497546

Third Party Advisory https://security.netapp.com/advisory/ntap-20250321-0005/

Exploit https://github.com/vim/vim/issues/16606

Third Party Advisory https://vuldb.com/?submit.497546

/ 100

low-risk

Severity 11/34 · Low

Exploitability 0/34 · Minimal

Exposure 7/34 · Low