CVE-2025-29768

4.4 MEDIUM

📋 TL;DR

Vim versions before 9.1.1198 contain a vulnerability in zip.vim that could cause data loss when users view specially crafted zip files and press 'x' on unusual filenames. This affects users who open zip archives with Vim's built-in zip file handler. The risk is limited to local users who interact with malicious archives.

💻 Affected Systems

Products:
  • Vim
Versions: All versions prior to 9.1.1198
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users who open zip files with Vim's built-in zip.vim handler. Users who don't use Vim to view zip files are not affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

User accidentally extracts or deletes files from a malicious zip archive, causing unintended data loss or corruption of local files.

🟠

Likely Case

Minimal impact since it requires user interaction with a specially crafted zip file and pressing 'x' on specific filenames - most users would avoid this interaction.

🟢

If Mitigated

No impact if users don't open untrusted zip files with Vim or have patched to version 9.1.1198 or later.

🌐 Internet-Facing: LOW - Requires local user interaction with malicious files, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious zip files, but requires specific user actions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction: opening a malicious zip file in Vim and pressing 'x' on specific filenames. No known active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.1198

Vendor Advisory: https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf

Restart Required: No

Instructions:

1. Update Vim to version 9.1.1198 or later.
2. For package managers: 'sudo apt update && sudo apt upgrade vim' (Debian/Ubuntu) or 'sudo yum update vim' (RHEL/CentOS).
3. For source builds: pull the latest from https://github.com/vim/vim and rebuild.

🔧 Temporary Workarounds

Disable zip.vim plugin (applies to: all platforms)

Prevent Vim from handling zip files by disabling the zip.vim plugin.

Add 'let g:loaded_zipPlugin = 1' to your .vimrc file.

Avoid opening zip files with Vim (applies to: all platforms)

Use dedicated archive tools instead of Vim for zip files.

🧯 If You Can't Patch

  • Train users to avoid opening untrusted zip files with Vim
  • Implement file integrity monitoring to detect unexpected file deletions

🔍 How to Verify

Check if Vulnerable:

Check Vim version with 'vim --version' and verify it's below 9.1.1198

Check Version:

vim --version | grep '^VIM'

Verify Fix Applied:

Confirm version is 9.1.1198 or higher with 'vim --version | head -1'
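As an added example (not part of this advisory), the POSIX shell script below classifies a Vim build as affected or fixed from the text of 'vim --version'. The banner line that 'head -1' shows carries only the major.minor number (for example 9.1); the patch level that the fix version 9.1.1198 refers to is on the 'Included patches:' line, so the script parses both. It also checks whether patch 1198 falls inside any of the listed ranges instead of only comparing the highest number, which covers builds whose patch list is not one contiguous range. The sample outputs and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: decide whether a Vim build is affected by CVE-2025-29768
# from the text of `vim --version`. Not part of the advisory or of Vim.

FIXED_PATCH=1198   # fix shipped as patch 9.1.1198

# vim_has_patch TEXT N: succeeds if patch N is in the "Included patches:"
# list, which looks like "1-1198" or "1-100, 103, 105-200".
vim_has_patch() {
  text="$1"; want="$2"
  list=$(printf '%s\n' "$text" | sed -n 's/^Included patches:[[:space:]]*//p' | head -n 1)
  [ -n "$list" ] || return 1
  old_ifs=$IFS; IFS=','
  for entry in $list; do
    entry=$(printf '%s' "$entry" | tr -d ' ')
    case $entry in
      *-*) lo=${entry%-*}; hi=${entry#*-} ;;
      *)   lo=$entry; hi=$entry ;;
    esac
    if [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ]; then
      IFS=$old_ifs; return 0
    fi
  done
  IFS=$old_ifs
  return 1
}

# vim_build_status TEXT: prints "affected", "fixed" or "unknown".
vim_build_status() {
  text="$1"
  # Major.minor from the banner, e.g. "VIM - Vi IMproved 9.1 (2024 Jan 02 ...)".
  ver=$(printf '%s\n' "$text" \
    | sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
  [ -n "$ver" ] || { echo unknown; return 0; }
  major=${ver% *}; minor=${ver#* }
  # Anything newer than the 9.1 series already carries the fix.
  if [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -gt 1 ]; }; then
    echo fixed; return 0
  fi
  # Anything older than 9.1 cannot include patch 9.1.1198.
  if [ "$major" -lt 9 ] || [ "$minor" -lt 1 ]; then
    echo affected; return 0
  fi
  # 9.1.x: fixed only if patch 1198 is actually included.
  if vim_has_patch "$text" "$FIXED_PATCH"; then echo fixed; else echo affected; fi
  return 0
}

# Constructed sample outputs (shapes follow real `vim --version` output).
SAMPLE_OLD='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 10 2025 12:00:00)
Included patches: 1-1100
Compiled by example@host'
SAMPLE_FIXED='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 20 2025 12:00:00)
Included patches: 1-1198
Compiled by example@host'
SAMPLE_SPLIT='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 20 2025 12:00:00)
Included patches: 1-1100, 1198
Compiled by example@host'
SAMPLE_LEGACY='VIM - Vi IMproved 8.2 (2019 Dec 12, compiled Jan 01 2021 12:00:00)
Included patches: 1-3995'
SAMPLE_NEWER='VIM - Vi IMproved 9.2 (2026 Jan 01, compiled Jan 01 2026 12:00:00)'
SAMPLE_GARBAGE='not a vim banner'

# Classify the Vim found on PATH, if any.
if command -v vim >/dev/null 2>&1; then
  echo "installed vim: $(vim_build_status "$(vim --version)")"
fi
```

Run it as 'sh check_vim_cve_2025_29768.sh' (any file name works); it prints the status of the Vim on PATH. Package builds that report the upstream version but carry the fix as a distribution patch will not show patch 1198 in this list, so treat an "affected" result from a vendor package as a prompt to check the vendor's changelog rather than as proof.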

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in system logs
  • Vim process accessing zip files

Network Indicators:

  • None - this is a local file handling vulnerability

SIEM Query:

Process execution where process_name='vim' AND command_line CONTAINS '.zip'
