CVE-2025-1215
Published: 12 February 2025
Summary
CVE-2025-1215 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Vim. Its CVSS base score is 2.8 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The vulnerability ranks at the 12.1th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the vulnerability by requiring timely identification, reporting, and correction of flaws like the memory corruption in Vim's --log argument handling through patching to version 9.1.1097.
Enables automated scanning and monitoring to identify vulnerable Vim installations affected by CVE-2025-1215 on local systems.
Provides awareness of security advisories and directives for vulnerabilities like CVE-2025-1215, enabling prompt initiation of flaw remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows local memory corruption via the --log argument, leading to a crash of the Vim application (DoS), which facilitates T1499.004 Application or System Exploitation.
NVD Description
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.
Deeper analysis
CVE-2025-1215 is a memory corruption vulnerability (CWE-119) in Vim versions up to 9.1.1096, affecting unspecified code in src/main.c. The issue arises from manipulation of the --log command-line argument, which can trigger improper memory handling. With a CVSS v3.1 base score of 2.8 (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L), it is a low-severity, local issue classified as problematic.
A local attacker with low privileges can exploit this vulnerability by convincing a user to invoke Vim with a specially crafted --log argument, requiring user interaction. Successful exploitation leads to limited availability impact through memory corruption, such as a crash or denial of service on the affected system, with no confidentiality or integrity effects.
Mitigation involves upgrading to Vim version 9.1.1097, which includes the fixing commit c5654b84480822817bb7b69ebc97c174c91185e9. Relevant advisories and resources are available at the Vim GitHub repository, including the patch commit, associated issue #16606, and the release tag for v9.1.1097, as well as entries on VulDB.
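A version check for the fix described above, as an added example that is not code from Vim or from this advisory. It assumes the usual `vim --version` layout (a `VIM - Vi IMproved X.Y` banner and an `Included patches:` line); the function names and sample outputs are constructed for illustration.

```python
import re
import subprocess

FIXED = (9, 1, 1097)  # first fixed release named on this page

# Constructed sample outputs (assumed `vim --version` layout), not captured from real hosts.
SAMPLES = {
    "last_affected": "VIM - Vi IMproved 9.1 (2024 Jan 02)\nIncluded patches: 1-1096\n",
    "first_fixed": "VIM - Vi IMproved 9.1 (2024 Jan 02)\nIncluded patches: 1-1097\n",
    "sparse_list": "VIM - Vi IMproved 9.1 (2024 Jan 02)\nIncluded patches: 1-16, 647, 678, 697\n",
    "older_minor": "VIM - Vi IMproved 8.2 (2019 Dec 12)\nIncluded patches: 1-3995\n",
}

def parse_vim_version(text):
    """Return (major, minor, set of patch numbers), or None if the banner is missing."""
    banner = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if not banner:
        return None
    patches = set()
    line = re.search(r"^Included patches:\s*(.+)$", text, re.MULTILINE)
    if line:
        for item in line.group(1).split(","):
            lo, _, hi = item.strip().partition("-")
            if lo.isdigit() and (not hi or hi.isdigit()):
                patches.update(range(int(lo), int(hi or lo) + 1))
    return int(banner.group(1)), int(banner.group(2)), patches

def assess(text):
    """Classify `vim --version` output as 'fixed', 'vulnerable' or 'unknown'."""
    parsed = parse_vim_version(text)
    if parsed is None:
        return "unknown"
    major, minor, patches = parsed
    if (major, minor) != FIXED[:2]:
        # Patch numbers restart with each X.Y release, so compare the release first.
        return "fixed" if (major, minor) > FIXED[:2] else "vulnerable"
    # Membership, not max(): a sparse patch list can skip 1097.
    return "fixed" if FIXED[2] in patches else "vulnerable"

def assess_local(binary="vim"):
    """Run `<binary> --version` on this host and classify the result."""
    try:
        proc = subprocess.run([binary, "--version"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"
    return assess(proc.stdout)

if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print(f"{name}: {assess(output)}")
    print(f"local vim: {assess_local()}")
```

A distribution build that backports the fix without recording patch 1097 in its patch list will be reported as vulnerable, so confirm such hosts against the distribution's own advisory.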
Details
- CWE(s)