Moderate: vim security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4715", "synopsis": "Moderate: vim security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for vim.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: Vim: Arbitrary code execution via 'helpfile' option processing (CVE-2026-25749)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2437843", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2437843", "description": ""}], "cves": [{"name": "CVE-2026-25749", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-25749", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.3", "cwe": "CWE-120"}], "references": [], "publishedAt": "2026-03-27T12:07:50.770013Z", "rpms": {"Rocky Linux 10": {"nvras": ["xxd-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.x86_64.rpm", "xxd-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "xxd-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.ppc64le.rpm", "xxd-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-X11-2:9.1.083-6.el10_1.1.ppc64le.rpm","vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "xxd-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-X11-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-common-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-data-2:9.1.083-6.el10_1.1.noarch.rpm", "vim-enhanced-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-2:9.1.083-6.el10_1.1.src.rpm", "vim-filesystem-2:9.1.083-6.el10_1.1.noarch.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.x86_64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-X11-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.aarch64.rpm", "xxd-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-debuginfo-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-common-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-X11-debuginfo-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-minimal-debuginfo-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-common-2:9.1.083-6.el10_1.1.x86_64.rpm", "vim-enhanced-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-debugsource-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.aarch64.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-common-2:9.1.083-6.el10_1.1.ppc64le.rpm", "vim-X11-2:9.1.083-6.el10_1.1.s390x.rpm", "vim-minimal-2:9.1.083-6.el10_1.1.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate security update available for vim on Rocky Linux addresses arbitrary code execution risk with CVE-2026-25749.. Rocky Linux vim security update CVE-2026-25749. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.