Vulnerability DatabaseCVE-2025-66476

CVE-2025-66476:
Vim vulnerability analysis and mitigation

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

7.8

Score

Published December 2, 2025

Severity HIGH

CNA Score 7.8

Affected Technologies

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 1.8

Exploitation Probability (EPSS) N/A

Affected packages and libraries

vim
cpe:2.3:a:vim:vim

Sources

NVD
Chainguard
- Chainguard Has FixAdded at: Dec 04, 2025
VulnCheck NVD++
- Linux Severity HIGHHas FixAdded at: Dec 04, 2025
- Windows Severity HIGHHas FixAdded at: Dec 04, 2025
Wolfi
- Wolfi Has FixAdded at: Dec 04, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Vim vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66476	HIGH	7.8	Vim	vim	No	Yes	Dec 02, 2025
CVE-2025-55158	MEDIUM	6.9	Vim	cpe:2.3:a:vim:vim	No	Yes	Aug 11, 2025
CVE-2025-55157	MEDIUM	6.9	Vim	cpe:2.3:a:vim:vim	No	Yes	Aug 11, 2025
CVE-2025-9390	MEDIUM	4.8	Vim	vim	No	Yes	Aug 24, 2025
CVE-2025-9389	MEDIUM	4.8	Vim	vim-filesystem	No	Yes	Aug 24, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-66476: Vim vulnerability analysis and mitigation