๐Ÿ” CVE Alert

CVE-2025-66476

HIGH 7.8

Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability

CVSS Score: 7.8
EPSS Score: 0.0%
EPSS Percentile: 0th

Vim is an open-source, command-line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the working directory of the file being edited. On Windows, when cmd.exe is used as the shell, Vim resolves external commands by searching the current working directory before the system paths. When Vim invokes tools such as findstr for :grep, runs external commands or filters via :!, or runs compiler/:make commands, it may inadvertently execute a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

CWE: CWE-427 (Uncontrolled Search Path Element)
Vendor: vim
Product: vim
Published: Dec 2, 2025
Last Updated: Feb 26, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

vim / vim: < 9.1.1947

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/vim/vim/security/advisories/GHSA-g77q-xrww-p834
github.com: https://github.com/vim/vim/commit/083ec6d9a3b7b09006e0ce69ac802597d25
github.com: https://github.com/vim/vim/releases/tag/v9.1.1947
openwall.com: http://www.openwall.com/lists/oss-security/2025/12/02/5