Advisories » MGASA-2025-0226

Updated vim packages fix vulnerabilities

Publication date: 02 Sep 2025
Modification date: 02 Sep 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-53905 , CVE-2025-53906

Description

Path traversal issue with tar.vim and special crafted tar archives in
Vim < 9.1.1552. (CVE-2025-53905)
Path traversal issue with zip.vim and special crafted zip archives in
Vim < v9.1.1551. (CVE-2025-53906)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34486
• https://www.openwall.com/lists/oss-security/2025/07/15/1
• https://www.openwall.com/lists/oss-security/2025/07/15/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53905
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53906

SRPMS

9/core

• vim-9.1.1552-1.mga9