Home

Description

EN DE

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

In vim 9.1.0000 wurde eine Schwachstelle gefunden. Es geht dabei um die Funktion __memmove_avx_unaligned_erms der Datei memmove-vec-unaligned-erms.S. Mittels Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal möglich. Die Schwachstelle wurde öffentlich offengelegt und könnte ausgenutzt werden.

PUBLISHED Reserved 2025-08-23 | Published 2025-08-24 | Updated 2025-08-25 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C
1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C

Problem types

Memory Corruption

Timeline

2025-08-23:Advisory disclosed
2025-08-23:VulDB entry created
2025-08-23:VulDB entry last update

Credits

Xudong Cao finder

Meng Xu finder

References

vuldb.com/?id.321222 (VDB-321222 | vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_erms memory corruption) vdb-entry technical-description

vuldb.com/?ctiid.321222 (VDB-321222 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.630898 (Submit #630898 | vim xxd vim-9.1.0000 and related xxd versions (latest master branch) Memory Corruption) third-party-advisory

github.com/vim/vim/issues/17940 issue-tracking

github.com/vim/vim/issues/17940 issue-tracking

drive.google.com/...qBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing exploit

cve.org (CVE-2025-9389)

nvd.nist.gov (CVE-2025-9389)

Download JSON