CVE-2025-9390
vim xxd xxd.c main buffer overflow
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
24 ago 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Productos afectados
n/a · vimReferencias
https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharinghttps://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0https://github.com/vim/vim/issues/17944https://github.com/vim/vim/pull/17947https://github.com/vim/vim/releases/tag/v9.1.1616https://vuldb.com/?ctiid.321223https://vuldb.com/?id.321223https://vuldb.com/?submit.630903