Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: vim Moderate Path Traversal Threats Update 2025:03240-1

suse
Calendar Grey September 16, 2025
Dist Suse Esm H88
Recent revision for vim resolves significant concerns such as the potential for file overwriting and vulnerabilities related to path traversal.
* bsc#1246602 * bsc#1246604 * bsc#1247938 * bsc#1247939

Summary

## This update for vim fixes the following issues: Update to version 9.1.1629. * CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening specially crafted tar files (bsc#1246604). * CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening specially crafted zip files (bsc#1246602). * CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938). * CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

Topics%20covered

Topics Covered

security advisory moderate SuSE file overwrite vim path traversal

References

* bsc#1246602

* bsc#1246604

* bsc#1247938

* bsc#1247939

Cross-

* CVE-2025-53905

* CVE-2025-53906

* CVE-2025-55157

* CVE-2025-55158

CVSS scores:

* CVE-2025-53905 ( SUSE ): 1.8

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-53905 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-53905 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-53906 ( SUSE ): 1.8

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

* CVE-2025-53906 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-53906 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-55157 ( SUSE ): 6.7

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Announcement ID: SUSE-SU-2025:03240-1
Release Date: 2025-09-16T19:57:35Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SuSE file overwrite vim path traversal

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here