Bug 2380360 (CVE-2025-53906) - CVE-2025-53906 vim: Vim path traversal
Summary: CVE-2025-53906 vim: Vim path traversal
Keywords:
Status: NEW
Alias: CVE-2025-53906
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2380378 2380379
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-07-15 21:01 UTC by OSIDB Bzimport
Modified: 2025-11-11 19:13 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:18969 0 None None None 2025-10-22 10:14:02 UTC
Red Hat Product Errata RHBA-2025:18993 0 None None None 2025-10-22 20:07:35 UTC
Red Hat Product Errata RHBA-2025:19039 0 None None None 2025-10-23 14:40:37 UTC
Red Hat Product Errata RHBA-2025:19483 0 None None None 2025-11-03 15:06:53 UTC
Red Hat Product Errata RHBA-2025:20014 0 None None None 2025-11-10 11:56:01 UTC
Red Hat Product Errata RHSA-2025:17644 0 None None None 2025-10-09 07:09:25 UTC
Red Hat Product Errata RHSA-2025:17715 0 None None None 2025-10-09 19:13:45 UTC
Red Hat Product Errata RHSA-2025:17742 0 None None None 2025-10-13 01:59:50 UTC
Red Hat Product Errata RHSA-2025:17913 0 None None None 2025-10-14 05:24:21 UTC
Red Hat Product Errata RHSA-2025:20945 0 None None None 2025-11-11 13:53:16 UTC
Red Hat Product Errata RHSA-2025:21015 0 None None None 2025-11-11 19:13:06 UTC

Description OSIDB Bzimport 2025-07-15 21:01:39 UTC 
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.
Comment 3 errata-xmlrpc 2025-10-09 07:09:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:17644 https://access.redhat.com/errata/RHSA-2025:17644
Comment 4 errata-xmlrpc 2025-10-09 19:13:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:17715 https://access.redhat.com/errata/RHSA-2025:17715
Comment 5 errata-xmlrpc 2025-10-13 01:59:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:17742 https://access.redhat.com/errata/RHSA-2025:17742
Comment 6 errata-xmlrpc 2025-10-14 05:24:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:17913 https://access.redhat.com/errata/RHSA-2025:17913
Comment 10 errata-xmlrpc 2025-11-11 13:53:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:20945 https://access.redhat.com/errata/RHSA-2025:20945
Comment 11 errata-xmlrpc 2025-11-11 19:13:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21015 https://access.redhat.com/errata/RHSA-2025:21015
Note You need to log in before you can comment on or make changes to this bug.