CVE-2025-66476 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious…
High CVSS: 7.8

CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
Vendor
Vim
Product
Vim
CWE
CWE-427
Yayın Tarihi
2025-12-02 22:16:09
Güncelleme
2026-01-30 18:50:29
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-427 Vim HIGH Vim 2025

Referanslar

https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25 https://github.com/vim/vim/releases/tag/v9.1.1947 https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834 http://www.openwall.com/lists/oss-security/2025/12/02/5