Impact
Vim executes Python code through exec() when generating omni-completion definitions, so an attacker can embed malicious Python expressions in a buffer that are evaluated when completion is requested. This results in arbitrary code execution, classified as CWE-94 (improper control of generation of code). The vulnerability can compromise the confidentiality, integrity, and availability of the system running Vim.
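The following is an added illustration, not Vim's own completion code, of the two patterns the impact statement contrasts: a completer that discovers definitions by running the buffer through exec(), and a hardened one that extracts the same definitions from the syntax tree with the ast module without executing anything. The buffer contents, the EXECUTED list and the two function names are constructed for this example.

```python
import ast

# Constructed sample buffer, standing in for a Python file a user has opened.
# It defines a function and a class, and also carries a top-level statement
# with a side effect; a completion helper has no business running it.
SAMPLE_BUFFER = """
import os

def helper(x):
    return x + 1

class Widget:
    pass

EXECUTED.append("top-level code ran")
"""

# Records whether the buffer's top-level statements were ever executed.
EXECUTED = []


def collect_definitions_unsafe(source):
    """Vulnerable pattern: run the buffer to learn what it defines.

    Every top-level statement in the buffer executes with the editor's
    privileges, which is exactly the code-injection problem (CWE-94).
    """
    namespace = {"EXECUTED": EXECUTED}
    exec(source, namespace)
    return sorted(
        name for name, value in namespace.items()
        if callable(value) and not name.startswith("__")
    )


def collect_definitions_safe(source):
    """Hardened pattern: parse the buffer with ast and walk the tree.

    Nothing in the buffer is executed; syntax errors (common while the
    user is still typing) simply yield no completions.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return []
    definitions = []
    for node in tree.body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            definitions.append(("function", node.name))
        elif isinstance(node, ast.ClassDef):
            definitions.append(("class", node.name))
    return definitions


if __name__ == "__main__":
    print("ast-based:", collect_definitions_safe(SAMPLE_BUFFER))
    print("side effects so far:", EXECUTED)
    print("exec-based:", collect_definitions_unsafe(SAMPLE_BUFFER))
    print("side effects after exec:", EXECUTED)
```

Both helpers report the same two definitions, but only the exec-based one leaves a trace in EXECUTED, which is the observable difference between "the editor inspected the buffer" and "the editor ran the buffer".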
Affected Systems
Vim versions before 9.2.0597 are affected. The issue exists in all Vim builds where Python omni-completion is enabled, regardless of the operating system or architecture.
Risk and Exploitability
The CVSS score is 7.5, indicating high severity, but no EPSS score is available and the vulnerability is not listed in CISA KEV, suggesting no widespread observed exploitation. The attack likely requires the user to open a specially crafted buffer and trigger omni-completion, so it is a local attack that depends on user interaction and can lead to full code execution under the current user's privileges. Local users with write access to a buffer can abuse this flaw, and if the affected user has elevated rights, the attacker could gain those higher privileges.