Updated: 2025-08-29 16:48:27.228364
Description:
Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 4.4 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | vim | 8.2.2637 | 4.4 | MEDIUM | Released | CLSA-2025:1765208529 | 2025-12-08 18:31:23 | Ignored due to low severity |
| CentOS 6 ELS | vim | 7.4.629 | 4.4 | MEDIUM | Ignored | 2025-09-10 13:44:45 | Ignored due to low severity | |
| CentOS 7 ELS | vim | 7.4.629 | 4.4 | MEDIUM | Ignored | 2025-09-10 13:44:46 | Ignored due to low severity | |
| Debian 10 ELS | vim | 8.1.0875 | 4.4 | MEDIUM | Ignored | 2025-10-11 00:16:49 | Ignored due to low severity | |
| Oracle Linux 6 ELS | vim | 7.4.629 | 4.4 | MEDIUM | Ignored | 2025-09-10 13:44:47 | Ignored due to low severity | |
| Oracle Linux 7 ELS | vim | 7.4.629 | 4.4 | MEDIUM | Ignored | 2025-10-07 16:39:29 | Ignored due to low severity | |
| TuxCare 9.6 ESU | vim | 8.2.2637 | 4.4 | MEDIUM | Released | CLSA-2026:1767617422 | 2026-01-05 20:24:19 | Low risk: the flaw is reachable only via a local, fully interactive workflow in Vim’s zip.vim wher... |
| Ubuntu 16.04 ELS | vim | 7.4.1689-3 | 4.4 | MEDIUM | Ignored | 2025-09-10 13:44:47 | Ignored due to low severity |