CVE-2025-66476 | Vim up to 9.1.1946 on Windows cmd.exe uncontrolled search path (GHSA-g77q-xrww-p834 / 083ec6d9a3b7b09006e0ce69ac802597d25)

A vulnerability was found in Vim up to 9.1.1946 on Windows and classified as problematic. The affected element is an unknown function of the file cmd.exe. Such manipulation leads to uncontrolled search path.

This vulnerability is uniquely identified as CVE-2025-66476. Local access is required to approach this attack. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More