CVE-2025-9389

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-9389
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing Exploit
https://github.com/vim/vim/issues/17940 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/vim/vim/issues/17940#issuecomment-3203415781 Exploit Issue Tracking Patch
https://vuldb.com/?ctiid.321222 Permissions Required VDB Entry
https://vuldb.com/?id.321222 Third Party Advisory VDB Entry
https://vuldb.com/?submit.630898 Exploit Third Party Advisory VDB Entry
https://github.com/vim/vim/issues/17940 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/vim/vim/issues/17940#issuecomment-3203415781 Exploit Issue Tracking Patch
https://vuldb.com/?submit.630898 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:vim:vim:9.1.0000:*:*:*:*:*:*:*
History

12 Sep 2025, 18:38

Type Values Removed Values Added
References () https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing - () https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing - Exploit
References () https://github.com/vim/vim/issues/17940 - () https://github.com/vim/vim/issues/17940 - Exploit, Issue Tracking, Patch, Vendor Advisory
References () https://github.com/vim/vim/issues/17940#issuecomment-3203415781 - () https://github.com/vim/vim/issues/17940#issuecomment-3203415781 - Exploit, Issue Tracking, Patch
References () https://vuldb.com/?ctiid.321222 - () https://vuldb.com/?ctiid.321222 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.321222 - () https://vuldb.com/?id.321222 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.630898 - () https://vuldb.com/?submit.630898 - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:vim:vim:9.1.0000:*:*:*:*:*:*:*
First Time Vim vim
Vim
CWE CWE-787

25 Aug 2025, 20:24

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad en vim 9.1.0000. La función __memmove_avx_unaligned_erms del archivo memmove-vec-unaligned-erms.S está afectada. La manipulación provoca corrupción de memoria. El ataque debe ejecutarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Algunos usuarios no pueden reproducirlo. Uno de ellos menciona que esto parece no funcionar cuando el coloreado está activado.
References () https://github.com/vim/vim/issues/17940 - () https://github.com/vim/vim/issues/17940 -
References () https://github.com/vim/vim/issues/17940#issuecomment-3203415781 - () https://github.com/vim/vim/issues/17940#issuecomment-3203415781 -
References () https://vuldb.com/?submit.630898 - () https://vuldb.com/?submit.630898 -

24 Aug 2025, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-24 13:15

Updated : 2025-09-12 18:38

NVD link : CVE-2025-9389

Mitre link : CVE-2025-9389

CVE.ORG link : CVE-2025-9389

JSON object : View

Products Affected

vim

  • vim
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-787

Out-of-bounds Write