EulerOS 2.0 SP9 : vim (EulerOS-SA-2026-1018)

medium Nessus Plugin ID 282368

Synopsis

The remote EulerOS host is missing a security update.

Description

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

A vulnerability, which was classified as critical, has been found in vim up to 9.1.1550 (Word Processing Software). Using CWE to declare the problem leads to CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Impacted is confidentiality, integrity, and availability. Upgrading to version 9.1.1551 eliminates this vulnerability.
Applying the patch 586294a04179d855c3d1d4ee5ea83931963680b8 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-53906)

Tenable has extracted the preceding description block directly from the EulerOS vim security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected vim packages.

See Also

http://www.nessus.org/u?fd9b3f98

Plugin Details

Severity: Medium

ID: 282368

File Name: EulerOS_SA-2026-1018.nasl

Version: 1.1

Type: local

Published: 1/7/2026

Updated: 1/7/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2025-53906

CVSS v3

Risk Factor: Medium

Base Score: 4.1

Temporal Score: 3.7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:vim-minimal, p-cpe:/a:huawei:euleros:vim-common, p-cpe:/a:huawei:euleros:vim-filesystem, cpe:/o:huawei:euleros:2.0, p-cpe:/a:huawei:euleros:vim-enhanced

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/7/2026

Vulnerability Publication Date: 7/15/2025

Reference Information

CVE: CVE-2025-53906