Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: nano High Directory Traversal Memory Vulnerabilities 2025:20700-2

suse
Calendar Grey September 17, 2025
Dist Suse Esm H88
An update aimed at enhancing security for vim addresses several path traversal and buffer vulnerabilities, promoting safer interactions in SUSE Micro setups.
* bsc#1246602 * bsc#1246604 * bsc#1247938 * bsc#1247939

Summary

## This update for vim fixes the following issues: * CVE-2025-53906: Fixed malicious zip archive causing path traversal (bsc#1246602) * CVE-2025-53905: Fixed malicious tar archive causing path traversal (bsc#1246604) * CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) * CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) * Update to 9.1.1629: 9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function 9.1.1628: fuzzy.c has a few issues 9.1.1627: fuzzy matching can be improved 9.1.1626: cindent: does not handle compound literals 9.1.1625: Autocompletion slow with include- and tag-completion 9.1.1624: Cscope not enabled on MacOS 9.1.1623: Buffer menu does not handle

Topics%20covered

Topics Covered

security advisory moderate buffer overflow SuSE vim path traversal

References

* bsc#1246602

* bsc#1246604

* bsc#1247938

* bsc#1247939

Cross-

* CVE-2025-53905

* CVE-2025-53906

* CVE-2025-55157

* CVE-2025-55158

CVSS scores:

* CVE-2025-53905 ( SUSE ): 1.8

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-53905 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-53905 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-53906 ( SUSE ): 1.8

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L

* CVE-2025-53906 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-53906 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

* CVE-2025-55157 ( SUSE ): 6.7

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Announcement ID: SUSE-SU-2025:20696-1
Release Date: 2025-09-11T10:29:42Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate buffer overflow SuSE vim path traversal

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here