CVE-2025-53905

4.1 MEDIUM

📋 TL;DR

A path traversal vulnerability in Vim's tar.vim plugin allows specially crafted tar archives to overwrite arbitrary files when opened. This affects Vim users who open untrusted tar archives, requiring direct user interaction but potentially leading to file corruption or code execution.

💻 Affected Systems

Products:
  • Vim
Versions: All versions prior to 9.1.1552
Operating Systems: All operating systems running Vim
Default Config Vulnerable: ⚠️ Yes
Notes: Requires tar.vim plugin which is included by default in Vim distributions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary file overwrite leading to privilege escalation, sensitive data destruction, or remote code execution if executable files are placed in privileged locations.

🟠 Likely Case

Local file corruption or overwrite of user files when opening malicious tar archives, with limited scope due to the user interaction requirement.

🟢 If Mitigated

No impact if users don't open untrusted tar archives or have patched Vim versions.

🌐 Internet-Facing: LOW - Requires user to download and open a malicious tar archive, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious archives, potentially affecting shared systems or user files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious tar archive and may be detectable by observant users due to unusual file paths/content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.1552

Vendor Advisory: https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr

Restart Required: No

Instructions:

1. Update Vim to version 9.1.1552 or later.
2. For package managers: 'sudo apt update && sudo apt upgrade vim' (Debian/Ubuntu) or 'sudo yum update vim' (RHEL/CentOS).
3. For source builds: pull the latest from https://github.com/vim/vim and rebuild.

🔧 Temporary Workarounds

Disable tar.vim plugin (all platforms)

Prevent Vim from automatically processing tar archives by disabling the tar.vim plugin.

Add 'let g:loaded_tarPlugin = 1' to your .vimrc file.

Use alternative archive tools (Linux)

Extract tar archives using command-line tools instead of opening them directly in Vim.

Use 'tar -xf archive.tar' to extract before editing files.

🧯 If You Can't Patch

  • Avoid opening untrusted tar archives directly in Vim - extract first using system tools
  • Implement user awareness training about risks of opening untrusted archives

🔍 How to Verify

Check if Vulnerable:

Check the Vim version with 'vim --version'. The first line of that output names only the major.minor release (e.g. 9.1); the patch level is reported on the 'Included patches:' line. A 9.1 build is vulnerable if that patch level is below 1552.

Check Version:

vim --version | grep -E '^(VIM - Vi IMproved|Included patches)'

Verify Fix Applied:

Using the same command, confirm that the 'Included patches:' line reports 1552 or higher (or that the release is newer than 9.1).
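Because `vim --version | head -1` shows only the 9.1 release line, a script that wants to classify builds has to read the 'Included patches:' line as well. The following POSIX sh check is an added example, not part of the advisory or of the Vim project: it parses constructed sample output and compares it against 9.1.1552 (distribution packages that backport the fix without changing the upstream patch number are assumed out of scope).

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Vim build as fixed or
# vulnerable for CVE-2025-53905 from the text of `vim --version`.
# The patch level lives on the "Included patches: 1-NNNN" line, not on line 1.

FIXED_MAJOR=9
FIXED_MINOR=1
FIXED_PATCH=1552

# vim_is_fixed TEXT: exit 0 when TEXT describes a build at or above the fix,
# 1 when it is older, 2 when no "VIM - Vi IMproved X.Y" line can be parsed.
vim_is_fixed() {
    text=$1
    vers=$(printf '%s\n' "$text" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -1)
    [ -n "$vers" ] || return 2
    major=${vers%% *}
    minor=${vers##* }
    # Highest number on the patches line ("1-1552", or "1-1500, 1552" for cherry-picks).
    patch=0
    for p in $(printf '%s\n' "$text" | sed -n 's/^Included patches: //p' | head -1 | tr -c '0-9\n' ' '); do
        if [ "$p" -gt "$patch" ]; then patch=$p; fi
    done
    if [ "$major" -gt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 1; fi
    if [ "$minor" -gt "$FIXED_MINOR" ]; then return 0; fi
    if [ "$minor" -lt "$FIXED_MINOR" ]; then return 1; fi
    [ "$patch" -ge "$FIXED_PATCH" ]
}

# vim_status TEXT: prints fixed / vulnerable / unknown for use in reports.
vim_status() {
    rc=0
    vim_is_fixed "$1" || rc=$?
    case $rc in
        0) echo fixed ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# Constructed sample outputs (not captured from real systems).
SAMPLE_VULN='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Mar 01 2025 10:00:00)
Included patches: 1-1200'
SAMPLE_FIXED='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jul 20 2025 10:00:00)
Included patches: 1-1552'
```

On a live system run `vim_status "$(vim --version)"`; the samples above exercise the vulnerable and fixed cases offline.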

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns when Vim processes tar archives
  • Vim process accessing unexpected file paths

Network Indicators:

  • Download of tar archives followed by Vim process execution

SIEM Query:

Process: (vim OR gvim) AND FilePath: (*.tar OR *.tar.gz OR *.tgz)
