logo_clicknbuy.png

CVE-2025-9390 – Vim xxd Buffer Overflow Vulnerability

The following table lists the changes that have been made to the
CVE-2025-9390 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Aug. 24, 2025

    Action Type Old Value New Value
    Added Description A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    Added CVSS V2 (AV:L/AC:L/Au:S/C:P/I:P/A:P)
    Added CWE CWE-119
    Added CWE CWE-120
    Added Reference https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing
    Added Reference https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0
    Added Reference https://github.com/vim/vim/issues/17944
    Added Reference https://github.com/vim/vim/pull/17947
    Added Reference https://github.com/vim/vim/releases/tag/v9.1.1616
    Added Reference https://vuldb.com/?ctiid.321223
    Added Reference https://vuldb.com/?id.321223
    Added Reference https://vuldb.com/?submit.630903
Share the Post:

Related Posts