CVE-2025-29768
Public on 2025-03-13
Modified on 2025-03-18
Description
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | vim | No Fix Planned | ||
| HAQM Linux 2 - Core | vim | 2025-04-09 | ALAS2-2025-2827 | Fixed |
| HAQM Linux 2023 | vim | 2025-04-09 | ALAS2023-2025-932 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
| NVD | CVSSv3 | 4.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |