CVE-2025-66476
CVE-2025-66476 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute a malicious executable placed in its current working directory, such as the directory of the file being edited. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute a malicious executable placed in its current working directory, such as the directory of the file being edited. On Windows, when cmd.exe is used as Vim's 'shell', a bare command name is resolved by searching the current working directory before the directories on PATH (unlike POSIX shells, which consult only PATH). Whenever Vim hands such a name to the shell, for example findstr for :grep, an external command or filter run via :!, or a compiler command run by :make, it may therefore run an attacker-planted executable of the same name sitting next to the file being edited instead of the intended system tool. Exploitation needs the victim to open a file in an attacker-controlled directory and then invoke one of those commands, which is why the CVSS vector carries UI:R. The issue affects Vim for Windows prior to version 9.1.1947.
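The lookup order described above, modelled as an added Python example (this is not code from the Vim project or the advisory). It simulates cmd.exe's resolution of a bare command name (current directory first, then PATH, trying each PATHEXT extension), the same lookup with the current directory excluded, and a small triage check that lists files in a directory which would shadow a tool Vim invokes. The directory layout, the file contents and the default PATHEXT value are constructed assumptions; the NoDefaultCurrentDirectoryInExePath variable mentioned in the comments is a documented Windows setting, not something the advisory prescribes.

```python
"""Model of how cmd.exe resolves a bare command name and why a planted
findstr.exe wins. Added example; not code from the Vim project."""
import os
import tempfile
from pathlib import Path

# Assumption: the default PATHEXT a Windows install ships with (order matters).
DEFAULT_PATHEXT = (".COM", ".EXE", ".BAT", ".CMD")

# Tool name the advisory says Vim passes to the shell for :grep.
VIM_SHELL_TOOLS = ("findstr",)


def candidates(name, pathext=DEFAULT_PATHEXT):
    """File names cmd.exe tries for `name`: with an explicit extension it is
    used as given, otherwise each PATHEXT extension is appended in order.
    (Simplified model: real cmd.exe has extra rules for quoted and pathed names.)"""
    if os.path.splitext(name)[1]:
        return [name.lower()]
    return [(name + ext).lower() for ext in pathext]


def _first_match(name, dirs, pathext):
    for d in dirs:
        for cand in candidates(name, pathext):
            p = Path(d) / cand
            if p.is_file():
                return str(p)
    return None


def resolve_cmd_style(name, cwd, path_dirs, pathext=DEFAULT_PATHEXT):
    """cmd.exe lookup order: the current directory is searched BEFORE every
    PATH entry, which is the behaviour the advisory describes."""
    return _first_match(name, [cwd, *path_dirs], pathext)


def resolve_hardened(name, path_dirs, pathext=DEFAULT_PATHEXT):
    """Lookup with the current directory excluded: what cmd.exe does when the
    Windows variable NoDefaultCurrentDirectoryInExePath is set, or what a
    caller gets by only ever invoking tools through an absolute path."""
    return _first_match(name, list(path_dirs), pathext)


def shadowing_executables(directory, tool_names=VIM_SHELL_TOOLS, pathext=DEFAULT_PATHEXT):
    """Triage check: files in `directory` that would shadow a known tool name
    under cmd.exe lookup (run it against a directory before editing files there)."""
    hits = []
    for tool in tool_names:
        for cand in candidates(tool, pathext):
            p = Path(directory) / cand
            if p.is_file():
                hits.append(str(p))
    return hits


def demo():
    """Constructed layout: a stand-in System32 holding the real findstr.exe and
    a project directory (Vim's cwd while editing notes.txt) with a planted copy."""
    root = Path(tempfile.mkdtemp(prefix="cve-2025-66476-"))
    system32 = root / "system32"
    project = root / "project"
    system32.mkdir()
    project.mkdir()
    (system32 / "findstr.exe").write_bytes(b"MZ stand-in for the real tool")  # constructed
    (project / "findstr.exe").write_bytes(b"MZ attacker-planted binary")      # constructed
    (project / "notes.txt").write_text("the file being edited\n")
    path_dirs = [str(system32)]
    return {
        "planted": str(project / "findstr.exe"),
        "legit": str(system32 / "findstr.exe"),
        "cmd_style": resolve_cmd_style("findstr", str(project), path_dirs),
        "hardened": resolve_hardened("findstr", path_dirs),
        "shadowed": shadowing_executables(project),
    }


if __name__ == "__main__":
    r = demo()
    print("cmd.exe-style lookup ->", r["cmd_style"])   # the planted copy
    print("cwd excluded         ->", r["hardened"])    # the System32 copy
    print("shadowing files      ->", r["shadowed"])
```

The point of the two resolvers is the only difference between them: the single leading `cwd` entry in the search list. That is exactly the gap an attacker fills by dropping a `findstr.exe` next to the file the victim opens, and it is why the durable fix is to stop relying on shell lookup for tool names rather than to audit every directory.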
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (base score 7.8, High)
Weakness Enumeration
- CWE-427: Uncontrolled Search Path Element
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vim | Vim | < 9.1.1947 |
References
- https://github.com/vim/vim/releases/tag/v9.1.1947 (Release Notes)
- https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834 (Patch, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2025/12/02/5 (Mailing List, Patch, Third Party Advisory)
Frequently Asked Questions
What is CVE-2025-66476?
An uncontrolled search path vulnerability in Vim for Windows before 9.1.1947. With cmd.exe as the 'shell', the bare command names Vim passes to the shell for :grep (findstr), :! and :make are resolved in the current working directory before PATH, so an attacker-planted executable next to the file being edited runs instead of the intended system tool.
How severe is CVE-2025-66476?
High, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): local attack vector and no privileges required, but user interaction is needed, since the victim must open a file in an attacker-controlled directory and then run a command that invokes the shell. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
How do I fix CVE-2025-66476?
Upgrade Vim for Windows to 9.1.1947 or later (see the release notes and vendor advisory under References). Until then, avoid running :grep, :! or :make while Vim's current directory is one you do not control, such as an extracted archive or a freshly cloned repository. Independently of the Vim fix, Windows honours the NoDefaultCurrentDirectoryInExePath environment variable, which stops cmd.exe from searching the current directory for bare command names; that is a general Windows hardening setting, not part of the vendor advisory.
Are you affected by CVE-2025-66476?
You are affected if you run Vim for Windows older than 9.1.1947 with cmd.exe as 'shell'. Check the patch level with :version (the "Included patches:" line; anything below 1947 on a 9.1 build is affected) and the shell with :set shell?.
Source: NVD / NIST
