Vim for Windows Uncontrolled Search Path Element Remote Code Execution...

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Basic Information

ID CVE-2025-66476

Source GitHub_M

Published Dec 2, 2025 at 21:49

Modified Dec 3, 2025 at 00:34

Affected Product

Vendor vim

Product vim

Version < 9.1.1947

Affected Versions vim vim < 9.1.1947

CWE Classification

CWE-427

References

{
    "lastseen": "",
    "description": "Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.",
    "published": "2025-12-02T21:49:24.672Z",
    "modified": "2025-12-03T00:34:43.624Z",
    "type": "cve",
    "title": "Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834\nhttps://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25\nhttps://github.com/vim/vim/releases/tag/v9.1.1947",
    "id": "CVE-2025-66476",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "vim vim < 9.1.1947",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vim",
    "version": "< 9.1.1947",
    "vendor": "vim",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability_CVE-2025-66476