CVE-2025-66476

Published: Dec 2, 2025

Modified: Feb 26, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Vendor	Product	Versions
vim	vim	affected `< 9.1.1947`

Weaknesses (CWE)

CWE-427

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834

x_refsource_CONFIRM

https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25

x_refsource_MISC

https://github.com/vim/vim/releases/tag/v9.1.1947

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-66476

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References