CVE-2025-9390

CVE-2025-9390

Name

CVE-2025-9390

Description

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
exploit	https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing
patch	https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0
issue-tracking	https://github.com/vim/vim/issues/17944
issue-tracking	https://github.com/vim/vim/pull/17947
patch	https://github.com/vim/vim/releases/tag/v9.1.1616
signature	https://vuldb.com/?ctiid.321223
vdb-entry	https://vuldb.com/?id.321223
third-party-advisory	https://vuldb.com/?submit.630903

Type

URI

exploit

https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing

patch

https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0

issue-tracking

https://github.com/vim/vim/issues/17944

issue-tracking

https://github.com/vim/vim/pull/17947

patch

https://github.com/vim/vim/releases/tag/v9.1.1616

signature

https://vuldb.com/?ctiid.321223

vdb-entry

https://vuldb.com/?id.321223

third-party-advisory

https://vuldb.com/?submit.630903

Match rules

CPE URI	Source package	Min version	Max version
	vim	== 9.1.1615	== 9.1.1615
	vim	== 9.1.1616	== 9.1.1616
`cpe:2.3:a:vim:vim::::::::`	vim	>= None	<= 9.1.1615
`cpe:2.3:a:vim:vim::::::::`	vim	>= 9.1.1459	< 9.1.1616

CPE URI

Source package

Min version

Max version

vim

== 9.1.1615

vim

== 9.1.1616

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

vim

>= None

<= 9.1.1615

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

vim

>= 9.1.1459

< 9.1.1616

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
vim	edge-main	9.1.1616-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1595-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1593-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1591-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1582-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1582-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1566-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1557-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	edge-main	9.1.1557-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1552-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1533-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1533-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1516-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1485-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1471-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1457-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1415-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1406-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1397-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1379-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1202-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1202-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1164-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1105-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1012-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.1003-r0	None	possibly vulnerable
vim	edge-main	9.1.0936-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.0707-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.0678-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.1.0652-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.2127-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.2112-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.2073-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1994-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1888-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1413-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1395-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1251-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1198-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.1167-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0999-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0815-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0636-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0598-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0437-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0369-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0270-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0224-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	9.0.0050-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.5170-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.5055-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.5000-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4969-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4836-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4708-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4619-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4542-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4350-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.4173-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3779-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3650-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3567-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3500-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.2.3437-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	edge-main	8.1.1365-r0	None	possibly vulnerable
vim	edge-main	8.0.1521-r0	None	possibly vulnerable
vim	edge-main	8.0.0329-r0	None	possibly vulnerable
vim	edge-main	8.0.0056-r0	None	possibly vulnerable
vim	3.22-main	9.1.1566-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
vim	3.22-main	9.1.1415-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.22-main	9.1.1202-r0	None	possibly vulnerable
vim	3.22-main	9.1.1164-r0	None	possibly vulnerable
vim	3.22-main	9.1.1105-r0	None	possibly vulnerable
vim	3.22-main	9.1.1003-r0	None	possibly vulnerable
vim	3.22-main	9.1.0936-r0	None	possibly vulnerable
vim	3.22-main	9.1.0707-r0	None	possibly vulnerable
vim	3.22-main	9.1.0678-r0	None	possibly vulnerable
vim	3.22-main	9.1.0652-r0	None	possibly vulnerable
vim	3.22-main	9.0.2127-r0	None	possibly vulnerable
vim	3.22-main	9.0.2112-r0	None	possibly vulnerable
vim	3.22-main	9.0.2073-r0	None	possibly vulnerable
vim	3.22-main	9.0.1994-r0	None	possibly vulnerable
vim	3.22-main	9.0.1888-r0	None	possibly vulnerable
vim	3.22-main	9.0.1413-r0	None	possibly vulnerable
vim	3.22-main	9.0.1395-r0	None	possibly vulnerable
vim	3.22-main	9.0.1251-r0	None	possibly vulnerable
vim	3.22-main	9.0.1198-r0	None	possibly vulnerable
vim	3.22-main	9.0.1167-r0	None	possibly vulnerable
vim	3.22-main	9.0.0999-r0	None	possibly vulnerable
vim	3.22-main	9.0.0815-r0	None	possibly vulnerable
vim	3.22-main	9.0.0636-r0	None	possibly vulnerable
vim	3.22-main	9.0.0598-r0	None	possibly vulnerable
vim	3.22-main	9.0.0437-r0	None	possibly vulnerable
vim	3.22-main	9.0.0369-r0	None	possibly vulnerable
vim	3.22-main	9.0.0270-r0	None	possibly vulnerable
vim	3.22-main	9.0.0224-r0	None	possibly vulnerable
vim	3.22-main	9.0.0050-r0	None	possibly vulnerable
vim	3.22-main	8.2.5170-r0	None	possibly vulnerable
vim	3.22-main	8.2.5055-r0	None	possibly vulnerable
vim	3.22-main	8.2.5000-r0	None	possibly vulnerable
vim	3.22-main	8.2.4969-r0	None	possibly vulnerable
vim	3.22-main	8.2.4836-r0	None	possibly vulnerable
vim	3.22-main	8.2.4708-r0	None	possibly vulnerable
vim	3.22-main	8.2.4619-r0	None	possibly vulnerable
vim	3.22-main	8.2.4542-r0	None	possibly vulnerable
vim	3.22-main	8.2.4350-r0	None	possibly vulnerable
vim	3.22-main	8.2.4173-r0	None	possibly vulnerable
vim	3.22-main	8.2.3779-r0	None	possibly vulnerable
vim	3.22-main	8.2.3650-r0	None	possibly vulnerable
vim	3.22-main	8.2.3567-r0	None	possibly vulnerable
vim	3.22-main	8.2.3500-r0	None	possibly vulnerable
vim	3.22-main	8.2.3437-r0	None	possibly vulnerable
vim	3.22-main	8.1.1365-r0	None	possibly vulnerable
vim	3.22-main	8.0.1521-r0	None	possibly vulnerable
vim	3.22-main	8.0.0329-r0	None	possibly vulnerable
vim	3.22-main	8.0.0056-r0	None	possibly vulnerable
vim	3.21-main	9.1.1105-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.21-main	9.1.1012-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.21-main	9.1.1003-r0	None	possibly vulnerable
vim	3.21-main	9.1.0936-r0	None	possibly vulnerable
vim	3.21-main	9.1.0707-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.21-main	9.1.0678-r0	None	possibly vulnerable
vim	3.21-main	9.1.0652-r0	None	possibly vulnerable
vim	3.21-main	9.0.2127-r0	None	possibly vulnerable
vim	3.21-main	9.0.2112-r0	None	possibly vulnerable
vim	3.21-main	9.0.2073-r0	None	possibly vulnerable
vim	3.21-main	9.0.1994-r0	None	possibly vulnerable
vim	3.21-main	9.0.1888-r0	None	possibly vulnerable
vim	3.21-main	9.0.1413-r0	None	possibly vulnerable
vim	3.21-main	9.0.1395-r0	None	possibly vulnerable
vim	3.21-main	9.0.1251-r0	None	possibly vulnerable
vim	3.21-main	9.0.1198-r0	None	possibly vulnerable
vim	3.21-main	9.0.1167-r0	None	possibly vulnerable
vim	3.21-main	9.0.0999-r0	None	possibly vulnerable
vim	3.21-main	9.0.0815-r0	None	possibly vulnerable
vim	3.21-main	9.0.0636-r0	None	possibly vulnerable
vim	3.21-main	9.0.0598-r0	None	possibly vulnerable
vim	3.21-main	9.0.0437-r0	None	possibly vulnerable
vim	3.21-main	9.0.0369-r0	None	possibly vulnerable
vim	3.21-main	9.0.0270-r0	None	possibly vulnerable
vim	3.21-main	9.0.0224-r0	None	possibly vulnerable
vim	3.21-main	9.0.0050-r0	None	possibly vulnerable
vim	3.21-main	8.2.5170-r0	None	possibly vulnerable
vim	3.21-main	8.2.5055-r0	None	possibly vulnerable
vim	3.21-main	8.2.5000-r0	None	possibly vulnerable
vim	3.21-main	8.2.4969-r0	None	possibly vulnerable
vim	3.21-main	8.2.4836-r0	None	possibly vulnerable
vim	3.21-main	8.2.4708-r0	None	possibly vulnerable
vim	3.21-main	8.2.4619-r0	None	possibly vulnerable
vim	3.21-main	8.2.4542-r0	None	possibly vulnerable
vim	3.21-main	8.2.4350-r0	None	possibly vulnerable
vim	3.21-main	8.2.4173-r0	None	possibly vulnerable
vim	3.21-main	8.2.3779-r0	None	possibly vulnerable
vim	3.21-main	8.2.3650-r0	None	possibly vulnerable
vim	3.21-main	8.2.3567-r0	None	possibly vulnerable
vim	3.21-main	8.2.3500-r0	None	possibly vulnerable
vim	3.21-main	8.2.3437-r0	None	possibly vulnerable
vim	3.21-main	8.1.1365-r0	None	possibly vulnerable
vim	3.21-main	8.0.1521-r0	None	possibly vulnerable
vim	3.21-main	8.0.0329-r0	None	possibly vulnerable
vim	3.21-main	8.0.0056-r0	None	possibly vulnerable
vim	3.20-main	9.1.0707-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.20-main	9.1.0678-r0	None	possibly vulnerable
vim	3.20-main	9.1.0652-r0	None	possibly vulnerable
vim	3.20-main	9.0.2127-r0	None	possibly vulnerable
vim	3.20-main	9.0.2112-r0	None	possibly vulnerable
vim	3.20-main	9.0.2073-r0	None	possibly vulnerable
vim	3.20-main	9.0.1994-r0	None	possibly vulnerable
vim	3.20-main	9.0.1888-r0	None	possibly vulnerable
vim	3.20-main	9.0.1413-r0	None	possibly vulnerable
vim	3.20-main	9.0.1395-r0	None	possibly vulnerable
vim	3.20-main	9.0.1251-r0	None	possibly vulnerable
vim	3.20-main	9.0.1198-r0	None	possibly vulnerable
vim	3.20-main	9.0.1167-r0	None	possibly vulnerable
vim	3.20-main	9.0.0999-r0	None	possibly vulnerable
vim	3.20-main	9.0.0815-r0	None	possibly vulnerable
vim	3.20-main	9.0.0636-r0	None	possibly vulnerable
vim	3.20-main	9.0.0598-r0	None	possibly vulnerable
vim	3.20-main	9.0.0437-r0	None	possibly vulnerable
vim	3.20-main	9.0.0369-r0	None	possibly vulnerable
vim	3.20-main	9.0.0270-r0	None	possibly vulnerable
vim	3.20-main	9.0.0224-r0	None	possibly vulnerable
vim	3.20-main	9.0.0050-r0	None	possibly vulnerable
vim	3.20-main	8.2.5170-r0	None	possibly vulnerable
vim	3.20-main	8.2.5055-r0	None	possibly vulnerable
vim	3.20-main	8.2.5000-r0	None	possibly vulnerable
vim	3.20-main	8.2.4969-r0	None	possibly vulnerable
vim	3.20-main	8.2.4836-r0	None	possibly vulnerable
vim	3.20-main	8.2.4708-r0	None	possibly vulnerable
vim	3.20-main	8.2.4619-r0	None	possibly vulnerable
vim	3.20-main	8.2.4542-r0	None	possibly vulnerable
vim	3.20-main	8.2.4350-r0	None	possibly vulnerable
vim	3.20-main	8.2.4173-r0	None	possibly vulnerable
vim	3.20-main	8.2.3779-r0	None	possibly vulnerable
vim	3.20-main	8.2.3650-r0	None	possibly vulnerable
vim	3.20-main	8.2.3567-r0	None	possibly vulnerable
vim	3.20-main	8.2.3500-r0	None	possibly vulnerable
vim	3.20-main	8.2.3437-r0	None	possibly vulnerable
vim	3.20-main	8.1.1365-r0	None	possibly vulnerable
vim	3.20-main	8.0.1521-r0	None	possibly vulnerable
vim	3.20-main	8.0.0329-r0	None	possibly vulnerable
vim	3.20-main	8.0.0056-r0	None	possibly vulnerable
vim	3.19-main	9.0.2127-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
vim	3.19-main	9.0.2112-r0	None	possibly vulnerable
vim	3.19-main	9.0.2073-r0	None	possibly vulnerable
vim	3.19-main	9.0.1994-r0	None	possibly vulnerable
vim	3.19-main	9.0.1888-r0	None	possibly vulnerable
vim	3.19-main	9.0.1413-r0	None	possibly vulnerable
vim	3.19-main	9.0.1395-r0	None	possibly vulnerable
vim	3.19-main	9.0.1251-r0	None	possibly vulnerable
vim	3.19-main	9.0.1198-r0	None	possibly vulnerable
vim	3.19-main	9.0.1167-r0	None	possibly vulnerable
vim	3.19-main	9.0.0999-r0	None	possibly vulnerable
vim	3.19-main	9.0.0815-r0	None	possibly vulnerable
vim	3.19-main	9.0.0636-r0	None	possibly vulnerable
vim	3.19-main	9.0.0598-r0	None	possibly vulnerable
vim	3.19-main	9.0.0437-r0	None	possibly vulnerable
vim	3.19-main	9.0.0369-r0	None	possibly vulnerable
vim	3.19-main	9.0.0270-r0	None	possibly vulnerable
vim	3.19-main	9.0.0224-r0	None	possibly vulnerable
vim	3.19-main	9.0.0050-r0	None	possibly vulnerable
vim	3.19-main	8.2.5170-r0	None	possibly vulnerable
vim	3.19-main	8.2.5055-r0	None	possibly vulnerable
vim	3.19-main	8.2.5000-r0	None	possibly vulnerable
vim	3.19-main	8.2.4969-r0	None	possibly vulnerable
vim	3.19-main	8.2.4836-r0	None	possibly vulnerable
vim	3.19-main	8.2.4708-r0	None	possibly vulnerable
vim	3.19-main	8.2.4619-r0	None	possibly vulnerable
vim	3.19-main	8.2.4542-r0	None	possibly vulnerable
vim	3.19-main	8.2.4350-r0	None	possibly vulnerable
vim	3.19-main	8.2.4173-r0	None	possibly vulnerable
vim	3.19-main	8.2.3779-r0	None	possibly vulnerable
vim	3.19-main	8.2.3650-r0	None	possibly vulnerable
vim	3.19-main	8.2.3567-r0	None	possibly vulnerable
vim	3.19-main	8.2.3500-r0	None	possibly vulnerable
vim	3.19-main	8.2.3437-r0	None	possibly vulnerable
vim	3.19-main	8.1.1365-r0	None	possibly vulnerable
vim	3.19-main	8.0.1521-r0	None	possibly vulnerable
vim	3.19-main	8.0.0329-r0	None	possibly vulnerable
vim	3.19-main	8.0.0056-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages