CVE-2025-9389

Sažetak

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

Reference

https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing
https://github.com/vim/vim/issues/17940
https://github.com/vim/vim/issues/17940#issuecomment-3203415781
https://vuldb.com/?ctiid.321222
https://vuldb.com/?id.321222
https://vuldb.com/?submit.630898
https://github.com/vim/vim/issues/17940
https://github.com/vim/vim/issues/17940#issuecomment-3203415781
https://vuldb.com/?submit.630898

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

12-09-2025 - 18:38

Objavljeno

24-08-2025 - 13:15