Detections
Analytics
Vim < 9.1.1097 memory corruption vulnerability
low Nessus Plugin ID 216478
Language:
Synopsis
The remote host is missing a security update.Description
The version of Vim installed on the remote host is prior to 9.1.1097. It is, therefore, affected by a vulnerability as referenced in the 9_1_1097 advisory.- A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component. (CVE-2025-1215)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Vim version 9.1.1097 or later.See Also
Plugin Details
Severity: Low
ID: 216478
File Name: vim_9_1_1097.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 2/19/2025
Updated: 8/14/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2025-1215
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS v4
Risk Factor: Low
Base Score: 2.4
Threat Score: 0.9
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Vulnerability Information
CPE: cpe:/a:vim:vim
Required KB Items: installed_sw/Vim, SMB/Registry/Enumerated
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/15/2025
Vulnerability Publication Date: 2/12/2025
Reference Information
CVE: CVE-2025-1215
IAVA: 2025-A-0128-S