UBUNTU-CVE-2025-66476
- Source
- https://ubuntu.com/security/CVE-2025-66476
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66476.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-66476
- Upstream
- Withdrawn
- 2025-12-12T05:35:59Z
- Published
- 2025-12-02T22:16:00Z
- Modified
- 2025-12-12T08:59:10.932827Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
- References
-
- https://ubuntu.com/security/CVE-2025-66476
- https://www.cve.org/CVERecord?id=CVE-2025-66476
- https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834
- https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25
- https://github.com/vim/vim/releases/tag/v9.1.1947
- http://www.openwall.com/lists/oss-security/2025/12/02/5
Affected packages
Ubuntu:20.04:LTS
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:8.1.2269-1ubuntu5.32?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:8.*
2:8.1.0875-5ubuntu2
2:8.1.0875-5ubuntu3
2:8.1.0875-5ubuntu4
2:8.1.2269-1ubuntu1
2:8.1.2269-1ubuntu4
2:8.1.2269-1ubuntu5
2:8.1.2269-1ubuntu5.3
2:8.1.2269-1ubuntu5.4
2:8.1.2269-1ubuntu5.6
2:8.1.2269-1ubuntu5.7
2:8.1.2269-1ubuntu5.8
2:8.1.2269-1ubuntu5.9
2:8.1.2269-1ubuntu5.11
2:8.1.2269-1ubuntu5.12
2:8.1.2269-1ubuntu5.13
2:8.1.2269-1ubuntu5.14
2:8.1.2269-1ubuntu5.15
2:8.1.2269-1ubuntu5.16
2:8.1.2269-1ubuntu5.17
2:8.1.2269-1ubuntu5.18
2:8.1.2269-1ubuntu5.20
2:8.1.2269-1ubuntu5.21
2:8.1.2269-1ubuntu5.22
2:8.1.2269-1ubuntu5.23
2:8.1.2269-1ubuntu5.24
2:8.1.2269-1ubuntu5.25
2:8.1.2269-1ubuntu5.26
2:8.1.2269-1ubuntu5.29
2:8.1.2269-1ubuntu5.30
2:8.1.2269-1ubuntu5.31
2:8.1.2269-1ubuntu5.32
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-athena"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-common"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-gtk"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-nox"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:8.1.2269-1ubuntu5.32",
"binary_name": "xxd"
}
]
}Ubuntu:22.04:LTS
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:8.2.3995-1ubuntu2.24?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:8.*
2:8.2.2434-3ubuntu3
2:8.2.2434-3ubuntu4
2:8.2.3565-1ubuntu1
2:8.2.3565-1ubuntu2
2:8.2.3565-1ubuntu3
2:8.2.3565-1ubuntu5
2:8.2.3995-1ubuntu1
2:8.2.3995-1ubuntu2
2:8.2.3995-1ubuntu2.1
2:8.2.3995-1ubuntu2.3
2:8.2.3995-1ubuntu2.4
2:8.2.3995-1ubuntu2.5
2:8.2.3995-1ubuntu2.7
2:8.2.3995-1ubuntu2.8
2:8.2.3995-1ubuntu2.9
2:8.2.3995-1ubuntu2.10
2:8.2.3995-1ubuntu2.11
2:8.2.3995-1ubuntu2.12
2:8.2.3995-1ubuntu2.13
2:8.2.3995-1ubuntu2.15
2:8.2.3995-1ubuntu2.16
2:8.2.3995-1ubuntu2.17
2:8.2.3995-1ubuntu2.18
2:8.2.3995-1ubuntu2.19
2:8.2.3995-1ubuntu2.20
2:8.2.3995-1ubuntu2.21
2:8.2.3995-1ubuntu2.22
2:8.2.3995-1ubuntu2.23
2:8.2.3995-1ubuntu2.24
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-athena"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-common"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-gtk"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-nox"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:8.2.3995-1ubuntu2.24",
"binary_name": "xxd"
}
]
}Ubuntu:24.04:LTS
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:9.1.0016-1ubuntu7.9?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:9.*
2:9.0.1672-1ubuntu2
2:9.0.2087-1ubuntu1
2:9.0.2116-1ubuntu1
2:9.0.2116-1ubuntu2
2:9.0.2184-0ubuntu1
2:9.0.2189-1ubuntu1
2:9.1.0-1ubuntu1
2:9.1.0016-1ubuntu2
2:9.1.0016-1ubuntu6
2:9.1.0016-1ubuntu7
2:9.1.0016-1ubuntu7.1
2:9.1.0016-1ubuntu7.2
2:9.1.0016-1ubuntu7.3
2:9.1.0016-1ubuntu7.4
2:9.1.0016-1ubuntu7.5
2:9.1.0016-1ubuntu7.6
2:9.1.0016-1ubuntu7.7
2:9.1.0016-1ubuntu7.8
2:9.1.0016-1ubuntu7.9
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-athena"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-common"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-motif"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-nox"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "xxd"
}
]
}Ubuntu:25.04
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:9.1.0967-1ubuntu4.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:9.*
2:9.1.0496-1ubuntu6
2:9.1.0777-1ubuntu1
2:9.1.0861-1ubuntu1
2:9.1.0967-1ubuntu2
2:9.1.0967-1ubuntu3
2:9.1.0967-1ubuntu4
2:9.1.0967-1ubuntu4.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-athena"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-common"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-motif"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-nox"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "xxd"
}
]
}Ubuntu:25.10
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:9.1.0967-1ubuntu6?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-athena"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-common"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-motif"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-nox"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:9.1.0967-1ubuntu6",
"binary_name": "xxd"
}
]
}Ubuntu:Pro:14.04:LTS
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:7.4.052-1ubuntu3.1+esm22?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:7.*
2:7.4.000-1ubuntu2
2:7.4.052-1ubuntu1
2:7.4.052-1ubuntu2
2:7.4.052-1ubuntu3
2:7.4.052-1ubuntu3.1
2:7.4.052-1ubuntu3.1+esm1
2:7.4.052-1ubuntu3.1+esm3
2:7.4.052-1ubuntu3.1+esm4
2:7.4.052-1ubuntu3.1+esm5
2:7.4.052-1ubuntu3.1+esm6
2:7.4.052-1ubuntu3.1+esm7
2:7.4.052-1ubuntu3.1+esm8
2:7.4.052-1ubuntu3.1+esm9
2:7.4.052-1ubuntu3.1+esm10
2:7.4.052-1ubuntu3.1+esm11
2:7.4.052-1ubuntu3.1+esm12
2:7.4.052-1ubuntu3.1+esm13
2:7.4.052-1ubuntu3.1+esm14
2:7.4.052-1ubuntu3.1+esm15
2:7.4.052-1ubuntu3.1+esm16
2:7.4.052-1ubuntu3.1+esm17
2:7.4.052-1ubuntu3.1+esm18
2:7.4.052-1ubuntu3.1+esm19
2:7.4.052-1ubuntu3.1+esm20
2:7.4.052-1ubuntu3.1+esm21
2:7.4.052-1ubuntu3.1+esm22
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-athena"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-common"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-gnome"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-gtk"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-lesstif"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-nox"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:7.4.052-1ubuntu3.1+esm22",
"binary_name": "vim-tiny"
}
]
}Ubuntu:Pro:16.04:LTS
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:7.4.1689-3ubuntu1.5+esm28?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:7.*
2:7.4.712-2ubuntu4
2:7.4.826-1ubuntu1
2:7.4.826-1ubuntu2
2:7.4.826-1ubuntu3
2:7.4.963-1ubuntu1
2:7.4.963-1ubuntu4
2:7.4.963-1ubuntu5
2:7.4.1689-3ubuntu1
2:7.4.1689-3ubuntu1.1
2:7.4.1689-3ubuntu1.2
2:7.4.1689-3ubuntu1.3
2:7.4.1689-3ubuntu1.4
2:7.4.1689-3ubuntu1.5
2:7.4.1689-3ubuntu1.5+esm2
2:7.4.1689-3ubuntu1.5+esm3
2:7.4.1689-3ubuntu1.5+esm4
2:7.4.1689-3ubuntu1.5+esm5
2:7.4.1689-3ubuntu1.5+esm6
2:7.4.1689-3ubuntu1.5+esm7
2:7.4.1689-3ubuntu1.5+esm8
2:7.4.1689-3ubuntu1.5+esm10
2:7.4.1689-3ubuntu1.5+esm11
2:7.4.1689-3ubuntu1.5+esm12
2:7.4.1689-3ubuntu1.5+esm13
2:7.4.1689-3ubuntu1.5+esm14
2:7.4.1689-3ubuntu1.5+esm15
2:7.4.1689-3ubuntu1.5+esm17
2:7.4.1689-3ubuntu1.5+esm18
2:7.4.1689-3ubuntu1.5+esm19
2:7.4.1689-3ubuntu1.5+esm20
2:7.4.1689-3ubuntu1.5+esm22
2:7.4.1689-3ubuntu1.5+esm23
2:7.4.1689-3ubuntu1.5+esm24
2:7.4.1689-3ubuntu1.5+esm25
2:7.4.1689-3ubuntu1.5+esm26
2:7.4.1689-3ubuntu1.5+esm27
2:7.4.1689-3ubuntu1.5+esm28
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-athena"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-athena-py2"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-common"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gnome"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gnome-py2"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gtk"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gtk-py2"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gtk3-py2"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-nox"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-nox-py2"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:7.4.1689-3ubuntu1.5+esm28",
"binary_name": "vim-tiny"
}
]
}Ubuntu:Pro:18.04:LTS
vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:8.0.1453-1ubuntu1.13+esm13?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:8.*
2:8.0.0197-4ubuntu5
2:8.0.1144-1ubuntu1
2:8.0.1401-1ubuntu1
2:8.0.1401-1ubuntu2
2:8.0.1401-1ubuntu3
2:8.0.1453-1ubuntu1
2:8.0.1453-1ubuntu1.1
2:8.0.1453-1ubuntu1.3
2:8.0.1453-1ubuntu1.4
2:8.0.1453-1ubuntu1.6
2:8.0.1453-1ubuntu1.7
2:8.0.1453-1ubuntu1.8
2:8.0.1453-1ubuntu1.9
2:8.0.1453-1ubuntu1.10
2:8.0.1453-1ubuntu1.11
2:8.0.1453-1ubuntu1.12
2:8.0.1453-1ubuntu1.13
2:8.0.1453-1ubuntu1.13+esm1
2:8.0.1453-1ubuntu1.13+esm3
2:8.0.1453-1ubuntu1.13+esm4
2:8.0.1453-1ubuntu1.13+esm5
2:8.0.1453-1ubuntu1.13+esm6
2:8.0.1453-1ubuntu1.13+esm7
2:8.0.1453-1ubuntu1.13+esm8
2:8.0.1453-1ubuntu1.13+esm9
2:8.0.1453-1ubuntu1.13+esm10
2:8.0.1453-1ubuntu1.13+esm11
2:8.0.1453-1ubuntu1.13+esm12
2:8.0.1453-1ubuntu1.13+esm13
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-athena"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-common"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-gnome"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-gtk"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-nox"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:8.0.1453-1ubuntu1.13+esm13",
"binary_name": "xxd"
}
]
}