Command-Line Editor Vim Hit by Vulnerability Allowing File Overwrites


Activity Timeline

Jul 15, 20:42 | OSS Security | [vim-security] path traversal issue with tar.vim a...
Jul 15, 20:45 | OSS Security | [vim-security]: path traversal issue with zip.vim ...
Jul 16, 09:11 | GB Hackers (Primary Article) | Command-Line Editor Vim Hit by Vulnerability Allow...
Jul 16, 11:38 | Cybersecurity News | Vim Command Line Text Editor Vulnerability Let Att...
A critical security vulnerability has been discovered in Vim, the popular open-source command-line text editor, that could allow attackers to overwrite arbitrary files on users’ systems. The vulnerability, designated CVE-2025-53906, was published on July 15, 2025, and affects all versions of Vim prior to 9.1.1551.

The security flaw stems from a path traversal issue within Vim’s zip.vim plugin, which handles zip archive files. When users open specially crafted zip archives using Vim, malicious actors can exploit this vulnerability to overwrite sensitive files or place executable code in privileged locations on the target system. The attack vector relies on manipulating file paths within zip archives to escape intended directory restrictions.

According to the Common Vulnerability Scoring System (CVSS), the vulnerability has been assigned a medium severity rating of 4.1. The scoring reflects several factors that limit the e...
