PT-2025-11214 · Vim+4 · Zip.Vim+5
Ry0Tak · Published 2025-03-02 · Updated 2025-11-26 · CVE-2025-29768
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Vim versions prior to 9.1.1198
Description:
The issue concerns potential data loss when using Vim with the zip.vim plugin and specially crafted zip files. The impact is considered medium as it requires a user to view the malicious archive with Vim and then interact with it by pressing 'x' on a strange filename.
Recommendations:
For versions prior to 9.1.1198, update to Vim patch v9.1.1198 to resolve the issue. As a temporary workaround, consider avoiding the use of zip.vim with untrusted zip files until the update is applied.
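One way to check a host against the fixed version named above, as an added example that is not part of the original advisory or of Vim itself: it parses the header of `vim --version`. The function names, the constructed sample outputs, and the assumption that release series after 9.1 already include the patch are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): does this Vim build include patch 9.1.1198?
FIXED_MAJOR=9; FIXED_MINOR=1; FIXED_PATCH=1198

# Constructed samples of the first lines of `vim --version`.
SAMPLE_FIXED='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 10 2025 10:00:00)
Included patches: 1-1198'
SAMPLE_OLD='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 15 2025 10:00:00)
Included patches: 1-1016'
SAMPLE_GAP='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 10 2025 10:00:00)
Included patches: 1-1197, 1199-1230'

# vim_has_fix VERSION_TEXT: returns 0 = patch present, 1 = missing, 2 = unparseable
vim_has_fix() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver% *}; minor=${ver#* }
    # Assumption: any release series newer than 9.1 already carries the patch.
    if [ "$major" -gt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 1; fi
    if [ "$minor" -gt "$FIXED_MINOR" ]; then return 0; fi
    if [ "$minor" -lt "$FIXED_MINOR" ]; then return 1; fi
    # Same series: 1198 must fall inside a listed range; lists may have gaps.
    patches=$(printf '%s\n' "$1" | sed -n 's/^Included patches: //p' | head -n 1)
    for range in $(printf '%s' "$patches" | tr ',' ' '); do
        lo=${range%-*}; hi=${range#*-}
        case "$lo$hi" in *[!0-9]*) continue ;; esac   # skip anything non-numeric
        if [ "$lo" -le "$FIXED_PATCH" ] && [ "$hi" -ge "$FIXED_PATCH" ]; then
            return 0
        fi
    done
    return 1
}

# check_local_vim: apply the check to the vim found in PATH.
check_local_vim() {
    if vim_has_fix "$(vim --version 2>/dev/null)"; then
        echo "vim: patch 9.1.${FIXED_PATCH} present"
    else
        echo "vim: patch 9.1.${FIXED_PATCH} not confirmed; update, or avoid zip.vim on untrusted archives"
        return 1
    fi
}
```

Distribution packages can backport a fix without raising the reported patch number, so a "not confirmed" result on a packaged Vim is a prompt to check the vendor's advisory rather than proof of exposure.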
Exploit
Fix
Argument Injection
RCE
Command Injection
Related Identifiers
Affected Products
Alt Linux
Debian
Red Os
Suse
Vim
Zip.Vim