CVE-2025-9390

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-9390
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9390.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-9390
Downstream
Published
2025-08-24T14:15:32.413Z
Modified
2026-04-12T22:06:22.545037Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/vim/vim

Affected ranges

Type
GIT
Repo
https://github.com/vim/vim
Events
Introduced
6897f18ee6e5bb78b32c97616e484030fd514750
Fixed
eeef7c77436a78cd27047b0f5fa6925d56de3cb0
Database specific 
{
    "versions": [
        {
            "introduced": "9.1.1459"
        },
        {
            "fixed": "9.1.1616"
        }
    ]
}

Affected versions

v9.*
v9.1.1459
v9.1.1460
v9.1.1461
v9.1.1462
v9.1.1463
v9.1.1464
v9.1.1465
v9.1.1466
v9.1.1467
v9.1.1468
v9.1.1469
v9.1.1470
v9.1.1471
v9.1.1472
v9.1.1473
v9.1.1474
v9.1.1475
v9.1.1476
v9.1.1477
v9.1.1478
v9.1.1479
v9.1.1480
v9.1.1481
v9.1.1482
v9.1.1483
v9.1.1484
v9.1.1485
v9.1.1486
v9.1.1487
v9.1.1488
v9.1.1489
v9.1.1490
v9.1.1491
v9.1.1492
v9.1.1493
v9.1.1494
v9.1.1495
v9.1.1496
v9.1.1497
v9.1.1498
v9.1.1499
v9.1.1500
v9.1.1501
v9.1.1502
v9.1.1503
v9.1.1504
v9.1.1505
v9.1.1506
v9.1.1507
v9.1.1508
v9.1.1509
v9.1.1510
v9.1.1511
v9.1.1512
v9.1.1513
v9.1.1514
v9.1.1515
v9.1.1516
v9.1.1517
v9.1.1518
v9.1.1519
v9.1.1520
v9.1.1521
v9.1.1522
v9.1.1523
v9.1.1524
v9.1.1525
v9.1.1526
v9.1.1527
v9.1.1528
v9.1.1529
v9.1.1530
v9.1.1531
v9.1.1532
v9.1.1533
v9.1.1534
v9.1.1535
v9.1.1536
v9.1.1537
v9.1.1538
v9.1.1539
v9.1.1540
v9.1.1541
v9.1.1542
v9.1.1543
v9.1.1544
v9.1.1545
v9.1.1546
v9.1.1547
v9.1.1548
v9.1.1549
v9.1.1550
v9.1.1551
v9.1.1552
v9.1.1553
v9.1.1554
v9.1.1555
v9.1.1556
v9.1.1557
v9.1.1558
v9.1.1559
v9.1.1560
v9.1.1561
v9.1.1562
v9.1.1563
v9.1.1564
v9.1.1565
v9.1.1566
v9.1.1567
v9.1.1568
v9.1.1569
v9.1.1570
v9.1.1571
v9.1.1572
v9.1.1573
v9.1.1574
v9.1.1575
v9.1.1576
v9.1.1577
v9.1.1578
v9.1.1579
v9.1.1580
v9.1.1581
v9.1.1582
v9.1.1583
v9.1.1584
v9.1.1585
v9.1.1586
v9.1.1587
v9.1.1588
v9.1.1589
v9.1.1590
v9.1.1591
v9.1.1592
v9.1.1593
v9.1.1594
v9.1.1595
v9.1.1596
v9.1.1597
v9.1.1598
v9.1.1599
v9.1.1600
v9.1.1601
v9.1.1602
v9.1.1603
v9.1.1604
v9.1.1605
v9.1.1606
v9.1.1607
v9.1.1608
v9.1.1609
v9.1.1610
v9.1.1611
v9.1.1612
v9.1.1613
v9.1.1614
v9.1.1615

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9390.json"
vanir_signatures_modified 
"2026-04-12T22:06:22Z"
vanir_signatures 
[
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "146200493773228420153804765641940418619",
                "303976677791630286096045370925254338436",
                "121574565101660150049825050709379521444",
                "119557921091085456748924720331822243908"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-9390-545cd7d2",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0",
        "target": {
            "file": "src/version.c"
        }
    },
    {
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "158087685137704314170311652646734074912",
                "89614836006123446940882212557251093597",
                "326357989856749730751812924593347172047",
                "291110553696249106278240497664780906679",
                "260802338558753997844932921427808237206",
                "334319519211017816964855896791474646317",
                "255075478571797577041046332989960932485",
                "78902608737783707864810700874854025632",
                "184490192128955350613100218089405440403",
                "237300896181439364795650945344408309731",
                "300951593696228600760190804732080773978",
                "70879017677679359255211148090922466651",
                "40175417942086987455638428709504420426",
                "97648455128164993643778868208302862644",
                "41938932438571335929600091967327023894",
                "104404853967886445003422184510568633011",
                "141713077402126074255614984636022793020"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-9390-6de4fabc",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0",
        "target": {
            "file": "src/xxd/xxd.c"
        }
    },
    {
        "signature_type": "Function",
        "digest": {
            "length": 10766.0,
            "function_hash": "210730670501933845658456527682973390957"
        },
        "id": "CVE-2025-9390-c0097d10",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0",
        "target": {
            "file": "src/xxd/xxd.c",
            "function": "main"
        }
    }
]