CVE-2025-9390

low-risk
Published 2025-08-24

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Vim

Affected Vendors

Vim

References (10)

Exploit https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=shari...
Patch https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0
Exploit https://github.com/vim/vim/issues/17944
Exploit https://github.com/vim/vim/pull/17947
Release Notes https://github.com/vim/vim/releases/tag/v9.1.1616
Permissions Required https://vuldb.com/?ctiid.321223
Third Party Advisory https://vuldb.com/?id.321223
Exploit https://vuldb.com/?submit.630903
Exploit https://github.com/vim/vim/issues/17944
Exploit https://vuldb.com/?submit.630903
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal