CVE-2025-1215
Last modified
CVE-2025-1215 is a low-severity vulnerability rated 2.4/10 on the CVSS scale. A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. EPSS estimates a 0.50% chance of exploitation in the next 30 days.
Description
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vim | Vim | < 9.1.1097 |
| Netapp | Bootstrap Os | All versions |
References
- https://github.com/vim/vim/issues/16606Exploit, Issue Tracking
- https://github.com/vim/vim/releases/tag/v9.1.1097Release Notes
- https://vuldb.com/?ctiid.295174Permissions Required, VDB Entry
- https://vuldb.com/?id.295174Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.497546Third Party Advisory, VDB Entry
- https://security.netapp.com/advisory/ntap-20250321-0005/Third Party Advisory
- https://github.com/vim/vim/issues/16606Exploit, Issue Tracking
- https://vuldb.com/?submit.497546Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-1215?
How severe is CVE-2025-1215?
How do I fix CVE-2025-1215?
Are you affected by CVE-2025-1215?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST