CVE-2025-9389
Vim vulnerability analysis and mitigation

Overview

A memory corruption vulnerability (CVE-2025-9389) was reported in the xxd hex-dump utility that ships with vim; the advisory lists the affected version as 9.1.0000. The reported crash site, _memmoveavxunalignederms in memmove-vec-unaligned-erms.S, is glibc's optimized memmove implementation (the symbol is __memmove_avx_unaligned_erms with the underscores stripped), not vim code: it is where the out-of-bounds access is detected, while the faulting logic is xxd's own handling of input in autoskip mode. The issue was published on August 24, 2025, and requires local access to exploit (NVD, VulDB).

Technical details

The out-of-bounds access is triggered in xxd when a file is processed with the autoskip flag (-a) enabled, the mode that collapses runs of all-null output lines into a single asterisk. The issue stems from improper boundary checking during null-line detection and the subsequent asterisk replacement, so a crafted input causes the memmove called by xxd to operate outside the intended buffer. The vulnerability has received a CVSS v4.0 base score of 4.8 (Medium) with vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N, and a CVSS v3.1 base score of 3.3 (Low) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (GitHub issue).
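The checks such a routine needs, as an added illustrative example written for this page (a simplified model, not xxd's source and not the vulnerable code): a bounded hex dumper whose autoskip mode collapses full all-zero rows into one "*" line. The names autoskip_dump, emit, row_is_null, sample_dump and the sample bytes are this example's own assumptions. Two guards carry the CWE-119 point: the column count is bounded by the size of the fixed row buffer, and the final row is clamped to the bytes that actually remain, so neither the null-line test nor the copy into the output buffer can run past its allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COLS 256   /* hard bound for the fixed-size row buffer below */

/* Return 1 if every byte in row[0..n) is zero. Caller guarantees n bytes exist. */
static int row_is_null(const uint8_t *row, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (row[i] != 0)
            return 0;
    return 1;
}

/* Append the string s to out; refuse instead of overrunning out_cap. */
static int emit(char *out, size_t out_cap, size_t *used, const char *s)
{
    size_t n = strlen(s);
    if (n + 1 > out_cap - *used)          /* room for s plus the terminator */
        return -1;
    memcpy(out + *used, s, n + 1);
    *used += n;
    return 0;
}

/* Hex-dump len bytes of data in rows of cols bytes into out (NUL-terminated).
 * With autoskip set, each run of full all-zero rows is replaced by one "*"
 * line, in the spirit of xxd -a. Returns the number of lines written, or -1
 * on invalid arguments or insufficient output space. */
int autoskip_dump(const uint8_t *data, size_t len, size_t cols, int autoskip,
                  char *out, size_t out_cap)
{
    char line[MAX_COLS * 3 + 32];   /* offset, " xx" per byte, newline, NUL */
    size_t used = 0;
    int lines = 0, in_null_run = 0;

    /* cols comes from the command line; without this bound a large column
     * count would overrun line[] (the CWE-119 pattern). */
    if (data == NULL || out == NULL || out_cap == 0 || cols == 0 || cols > MAX_COLS)
        return -1;
    out[0] = '\0';

    for (size_t off = 0; off < len; off += cols) {
        /* Clamp the final row to the bytes that actually remain. */
        size_t n = (len - off < cols) ? (len - off) : cols;
        const uint8_t *row = data + off;

        /* Only a full row counts as a null-line; a short trailing row is printed. */
        if (autoskip && n == cols && row_is_null(row, n)) {
            if (in_null_run)
                continue;                       /* already collapsed to "*" */
            in_null_run = 1;
            if (emit(out, out_cap, &used, "*\n") < 0)
                return -1;
            lines++;
            continue;
        }
        in_null_run = 0;

        int pos = snprintf(line, sizeof line, "%08zx:", off);
        for (size_t i = 0; i < n; i++)
            pos += snprintf(line + pos, sizeof line - (size_t)pos, " %02x", row[i]);
        snprintf(line + pos, sizeof line - (size_t)pos, "\n");
        if (emit(out, out_cap, &used, line) < 0)
            return -1;
        lines++;
    }
    return lines;
}

/* Constructed sample input (not from the advisory): one non-zero row, three
 * all-zero rows, then a short 5-byte trailing row, at 16 columns. Entries not
 * listed are zero-initialised. */
static const uint8_t SAMPLE[69] = {
    [0]  = 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 1, 2, 3, 4, 5, 6, 7, 8,
    [64] = 0xde, 0xad, 0xbe, 0xef, 0x01,
};

/* Run the sample through autoskip_dump with a scratch buffer of out_cap bytes
 * (capped at 1024) and return its result. */
int sample_dump(size_t cols, int autoskip, size_t out_cap)
{
    char out[1024];
    if (out_cap > sizeof out)
        out_cap = sizeof out;
    return autoskip_dump(SAMPLE, sizeof SAMPLE, cols, autoskip, out, out_cap);
}

int main(void)
{
    char out[1024];
    int n = autoskip_dump(SAMPLE, sizeof SAMPLE, 16, 1, out, sizeof out);
    if (n < 0) {
        fputs("dump failed\n", stderr);
        return 1;
    }
    fputs(out, stdout);     /* three lines: first row, "*", the 5-byte tail */
    return 0;
}
```

Build with cc -std=c99 -Wall and run it. If you delete the clamp on n and rebuild with -fsanitize=address, the report points at the read past the end of SAMPLE inside row_is_null, not at the missing check: the detection point and the defect are different places, which is why the glibc memmove location in the advisory should not be read as the location of the bug.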

Impact

When triggered, this vulnerability causes memory corruption that crashes xxd, a denial of service condition. The impact is limited to availability, with no direct impact on confidentiality or integrity. Reproduction is reported as inconsistent, in particular the crash may not manifest when coloring is enabled (Red Hat). A crash that does not reproduce under one option set is not evidence that the bug is absent: the out-of-bounds access still occurs, and only whether it lands on memory that faults changes.

Mitigation and workarounds

At the time of this analysis, no official patch had been released. Note that 9.1.0000 is the version the advisory reports as affected, so upgrading to it is not a fix; apply the first vim release that contains the xxd fix, or your distribution's patched package, once available, and confirm the fixed version in the vendor advisory before treating the issue as closed. As a temporary workaround, avoid running xxd with the autoskip (-a) flag on untrusted input files (Red Hat).

Additional resources


Source: This report was generated using AI.

Related Vim vulnerabilities:

CVE ID          Severity  Score  Technologies  Component name   CISA KEV exploit  Has fix  Published date
CVE-2025-66476  HIGH      7.8    Vim           vim              No                Yes      Dec 02, 2025
CVE-2025-55158  MEDIUM    6.9    Vim           vim-data-common  No                Yes      Aug 11, 2025
CVE-2025-55157  MEDIUM    6.9    Vim           vim              No                Yes      Aug 11, 2025
CVE-2025-9390   MEDIUM    4.8    Vim           vim-data         No                Yes      Aug 24, 2025
CVE-2025-9389   MEDIUM    4.8    Vim           vim-X11          No                Yes      Aug 24, 2025
