{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-9390", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-23T15:29:35.733Z", "datePublished": "2025-08-24T14:02:09.444Z", "dateUpdated": "2025-08-25T18:30:05.930Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-24T14:02:09.444Z"}, "title": "vim xxd xxd.c main buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "vim", "versions": [{"version": "9.1.1615", "status": "affected"}, {"version": "9.1.1616", "status": "unaffected"}], "modules": ["xxd"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In vim bis 9.1.1615 ist eine Schwachstelle entdeckt worden. Dabei geht es um die Funktion main der Datei src/xxd/xxd.c der Komponente xxd. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Das Aktualisieren auf Version 9.1.1616 kann dieses Problem l\u00f6sen. Der Patch wird als eeef7c77436a78cd27047b0f5fa6925d56de3cb0 bezeichnet. Ein Upgrade der betroffenen Komponente wird empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-08-23T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-23T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-23T17:34:50.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Xudong Cao", "type": "finder"}, {"lang": "en", "value": "Meng Xu", "type": "finder"}, {"lang": "en", "value": "nipc-cxd (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.321223", "name": "VDB-321223 | vim xxd xxd.c main buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.321223", "name": "VDB-321223 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.630903", "name": "Submit #630903 | vim xxd vim-9.1.0000 and related xxd versions (latest master branch) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/vim/vim/issues/17944", "tags": ["issue-tracking"]}, {"url": "https://github.com/vim/vim/pull/17947", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0", "tags": ["patch"]}, {"url": "https://github.com/vim/vim/releases/tag/v9.1.1616", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://vuldb.com/?submit.630903", "tags": ["exploit"]}, {"url": "https://github.com/vim/vim/issues/17944", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T18:29:53.958698Z", "id": "CVE-2025-9390", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T18:30:05.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9390", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T18:29:53.958698Z"}}}], "references": [{"url": "https://vuldb.com/?submit.630903", "tags": ["exploit"]}, {"url": "https://github.com/vim/vim/issues/17944", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T18:29:41.551Z"}}], "cna": {"title": "vim xxd xxd.c main buffer overflow", "credits": [{"lang": "en", "type": "finder", "value": "Xudong Cao"}, {"lang": "en", "type": "finder", "value": "Meng Xu"}, {"lang": "en", "type": "reporter", "value": "nipc-cxd (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["xxd"], "product": "vim", "versions": [{"status": "affected", "version": "9.1.1615"}, {"status": "unaffected", "version": "9.1.1616"}]}], "timeline": [{"lang": "en", "time": "2025-08-23T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-23T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-23T17:34:50.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.321223", "name": "VDB-321223 | vim xxd xxd.c main buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.321223", "name": "VDB-321223 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.630903", "name": "Submit #630903 | vim xxd vim-9.1.0000 and related xxd versions (latest master branch) Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/vim/vim/issues/17944", "tags": ["issue-tracking"]}, {"url": "https://github.com/vim/vim/pull/17947", "tags": ["issue-tracking"]}, {"url": "https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0", "tags": ["patch"]}, {"url": "https://github.com/vim/vim/releases/tag/v9.1.1616", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "In vim bis 9.1.1615 ist eine Schwachstelle entdeckt worden. Dabei geht es um die Funktion main der Datei src/xxd/xxd.c der Komponente xxd. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Das Aktualisieren auf Version 9.1.1616 kann dieses Problem l\u00f6sen. Der Patch wird als eeef7c77436a78cd27047b0f5fa6925d56de3cb0 bezeichnet. Ein Upgrade der betroffenen Komponente wird empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-24T14:02:09.444Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9390", "state": "PUBLISHED", "dateUpdated": "2025-08-25T18:30:05.930Z", "dateReserved": "2025-08-23T15:29:35.733Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-24T14:02:09.444Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en vim hasta la versi\u00f3n 9.1.1615. Esta vulnerabilidad afecta a la funci\u00f3n principal del archivo src/xxd/xxd.c del componente xxd. La manipulaci\u00f3n provoca un desbordamiento de b\u00fafer. El ataque requiere un enfoque local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. La actualizaci\u00f3n a la versi\u00f3n 9.1.1616 soluciona este problema. El parche se identifica como eeef7c77436a78cd27047b0f5fa6925d56de3cb0. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-9390", "lastModified": "2025-08-25T20:24:45.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-24T14:15:32.413", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0"}, {"source": "cna@vuldb.com", "url": "https://github.com/vim/vim/issues/17944"}, {"source": "cna@vuldb.com", "url": "https://github.com/vim/vim/pull/17947"}, {"source": "cna@vuldb.com", "url": "https://github.com/vim/vim/releases/tag/v9.1.1616"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.321223"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.321223"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.630903"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/vim/vim/issues/17944"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://vuldb.com/?submit.630903"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "vim: vim xxd xxd.c main buffer overflow", "id": "2390603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2390603"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-120)", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Upgrade to Vim version 9.1.1616 or later to address this issue."}, "name": "CVE-2025-9390", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "vim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-08-24T14:02:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-9390\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9390\nhttps://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing\nhttps://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0\nhttps://github.com/vim/vim/issues/17944\nhttps://github.com/vim/vim/pull/17947\nhttps://github.com/vim/vim/releases/tag/v9.1.1616\nhttps://vuldb.com/?ctiid.321223\nhttps://vuldb.com/?id.321223\nhttps://vuldb.com/?submit.630903"], "threat_severity": "Moderate"}

{"created": "2025-08-25T09:11:21.234153+00:00", "updated": "2025-08-25T09:11:21.234215+00:00", "vendors": ["vim", "vim$PRODUCT$vim"]}