
Vim is a middleware platform for healthcare. Its flexible and scalable cloud-based platform and unique, interactive, integration layer unlock access to provider EHR workflows, allowing for the delivery of data and patient insights when and where providers need it most - at the point of patient care. Vim's partners can choose to leverage Vim's core applications or deploy their custom applications on top of Vim Connect - Vim's in-EHR connectivity layer - accelerating time to market at reduced cost and improved flexibility. Digital health builders of all sizes - from national health plans, leading MSOs and tech companies - leverage Vim's platform to engage with a growing network of 2,000+ provider organizations.

For payers and providers, clinical data and workflows are often siloed and disconnected. Vim transforms clinical data into actionable in-EHR insights at the point of care. Vim’s content delivery and provider engagement platform reduces administrative burden, empowers providers, and accelerates performance initiatives for all stakeholders through bidirectional EHR connections. The country’s largest health plans and medical providers of every size – from independent practitioners to integrated delivery systems – use our software to connect data and care across the health system.

Our Mission: Vim’s mission is to power affordable, high-quality health care through seamless connectivity. At our core, Vim and its employees are working to change the future of healthcare by impacting how care is delivered. By giving physician teams the tools and resources they need to operate more efficiently and succeed under value-based care models, Vim is helping providers improve the quality of care for their patients.

Vim A.I CyberSecurity Scoring

Vim

Company Details

LinkedIn ID: getvim
Employees number: 383
Number of followers: 20,528
NAICS: 5112
Industry Type: Software Development
Homepage: getvim.com
IP Addresses: 0
Company ID: VIM_2055373
Scan Status: In-progress

Vim Risk Score (AI oriented): Between 750 and 799

Vim Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Entity: Vim
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 1/1164
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: The critical vulnerability identified in the Vim text editor, CVE-2025-27423, poses a high-severity threat by enabling arbitrary code execution through maliciously crafted TAR archives. Affected by this flaw are Vim versions prior to 9.1.1164, where an input validation failure in the tar.vim plugin could lead to potential command injection attacks. The impact of this vulnerability extends from individual users to broader development and production environments, potentially affecting CI/CD pipelines and automated system processes. Exploitation of this bug necessitates user interaction, such as opening a malicious TAR file, putting both local and system-wide security at risk.


Underwriter Stats for Vim

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for Vim in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Vim in 2025.

Incident Types Vim vs Software Development Industry Avg (This Year)

No incidents recorded for Vim in 2025.

Incident History — Vim (X = Date, Y = Severity)

Vim cyber incidents detection timeline including parent company and subsidiaries


Vim Similar Companies

Snowflake

**Snowflake is proud to be the Official Data Collaboration Provider for LA28 and Team USA.** Snowflake delivers the AI Data Cloud — a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the AI Data Cloud, organizations unite

GlobalLogic

GlobalLogic, a Hitachi Group company, is a trusted partner in design, data, and digital engineering for the world’s largest and most innovative companies. Since our inception in 2000, we have been at the forefront of the digital revolution, helping to create some of the most widely used digital prod

At DoorDash, our mission to empower local economies shapes how our team members move quickly and always learn and reiterate to support merchants, Dashers and the communities we serve. We are a technology and logistics company that started with door-to-door delivery, and we are looking for team membe

Cox Automotive Inc.

Cox Automotive is the world’s largest automotive services and technology provider. Fueled by the largest breadth of first-party data fed by 2.3 billion online interactions a year, Cox Automotive tailors leading solutions for car shoppers, auto manufacturers, dealers, lenders and fleets. The company

Shopee

Shopee is the leading e-commerce platform in Southeast Asia and Taiwan. It is a platform tailored for the region, providing customers with an easy, secure and fast online shopping experience through strong payment and logistical support. Shopee aims to continually enhance its platform and become th

Intuit

Intuit is a global technology platform that helps our customers and communities overcome their most important financial challenges. Serving millions of customers worldwide with TurboTax, QuickBooks, Credit Karma and Mailchimp, we believe that everyone should have the opportunity to prosper and we wo

Bosch

The Bosch Group is a leading global supplier of technology and services. It employs roughly 417,900 associates worldwide (as of December 31, 2024). According to preliminary figures, the company generated sales of 90.5 billion euros in 2024. Its operations are divided into four business sectors: Mobi

Alibaba.com

The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are t

Lazada

About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the regio


Vim CyberSecurity News

December 04, 2025 10:38 AM
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code

A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems.

December 04, 2025 09:50 AM
Vim for Windows Vulnerability Lets Attackers Execute Arbitrary Code

This vulnerability, tracked as CVE-2025-66476, was discovered by Simon Zuckerbraun of Trend Micro's Zero Day Initiative and assigned...

November 18, 2025 08:00 AM
Cybersecurity jobs available right now: November 18, 2025

Vim | Israel | Hybrid – View job details. As an Application Security Engineer, you will conduct internal penetration testing against Vim's...

July 25, 2025 07:00 AM
Fire Ant Hackers Target VMware ESXi and vCenter Flaws to Infiltrate Organizations

Cybersecurity firm Sygnia has been tracking and mitigating a sophisticated espionage operation dubbed Fire Ant, which zeroes.

July 24, 2025 07:00 AM
UNC3944 Attacking VMware vSphere and Enabling SSH on ESXi Hosts to Reset 'root' Passwords

UNC3944, a financially driven threat organization associated with "0ktapus," "Octo Tempest," and "Scattered Spider," launched a...

July 20, 2025 07:00 AM
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More

It's been a busy seven days for security alerts. Google is addressing another actively exploited zero-day in Chrome, and VMware has rolled...

July 16, 2025 07:00 AM
Vim Command Line Text Editor Vulnerability Let Attackers Overwrite Sensitive Files

The vulnerability, designated as CVE-2025-53906, affects the zip.vim plugin and enables attackers to overwrite arbitrary files through specially crafted zip...

July 15, 2025 07:00 AM
Vim Command-Line Editor Vulnerability Allows Attackers to Overwrite Sensitive Files

A newly identified security vulnerability in Vim's popular zip.vim plugin has been assigned CVE-2025-53906, highlighting a path traversal...

June 20, 2025 07:00 AM
Hackers Compromise 700+ ComfyUI AI Image Generation Servers to Distribute Malware

Researchers have uncovered that threat actors have compromised more than 700 servers running ComfyUI, a popular open-source AI image generation framework.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Vim CyberSecurity History Information

Official Website of Vim

The official website of Vim is https://www.getvim.com.

Vim’s AI-Generated Cybersecurity Score

According to Rankiteo, Vim’s AI-generated cybersecurity score is 755, reflecting their Fair security posture.

How many security badges does Vim have ?

According to Rankiteo, Vim currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Vim have SOC 2 Type 1 certification ?

According to Rankiteo, Vim is not certified under SOC 2 Type 1.

Does Vim have SOC 2 Type 2 certification ?

According to Rankiteo, Vim does not hold a SOC 2 Type 2 certification.

Does Vim comply with GDPR ?

According to Rankiteo, Vim is not listed as GDPR compliant.

Does Vim have PCI DSS certification ?

According to Rankiteo, Vim does not currently maintain PCI DSS compliance.

Does Vim comply with HIPAA ?

According to Rankiteo, Vim is not compliant with HIPAA regulations.

Does Vim have ISO 27001 certification ?

According to Rankiteo, Vim is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Vim

Vim operates primarily in the Software Development industry.

Number of Employees at Vim

Vim employs approximately 383 people worldwide.

Subsidiaries Owned by Vim

Vim presently has no subsidiaries across any sectors.

Vim’s LinkedIn Followers

Vim’s official LinkedIn profile has approximately 20,528 followers.

NAICS Classification of Vim

Vim is classified under the NAICS code 5112, which corresponds to Software Publishers.

Vim’s Presence on Crunchbase

Yes, Vim has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/bookmd.

Vim’s Presence on LinkedIn

Yes, Vim maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/getvim.

Cybersecurity Incidents Involving Vim

As of December 15, 2025, Rankiteo reports that Vim has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

Vim has an estimated 27,732 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Vim ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

Incident Details

Can you provide details on each incident ?

Incident : Vulnerability

Title: Vim Text Editor Critical Vulnerability

Description: The critical vulnerability identified in the Vim text editor, CVE-2025-27423, poses a high-severity threat by enabling arbitrary code execution through maliciously crafted TAR archives. Affected by this flaw are Vim versions prior to 9.1.1164, where an input validation failure in the tar.vim plugin could lead to potential command injection attacks. The impact of this vulnerability extends from individual users to broader development and production environments, potentially affecting CI/CD pipelines and automated system processes. Exploitation of this bug necessitates user interaction, such as opening a malicious TAR file, putting both local and system-wide security at risk.

Type: Vulnerability

Attack Vector: Maliciously crafted TAR archives

Vulnerability Exploited: CVE-2025-27423

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vector identified in incidents is maliciously crafted TAR archives.

Impact of the Incidents

What was the impact of each incident ?

Incident : Vulnerability GET456030525

Systems Affected: Vim versions prior to 9.1.1164, Development and production environments, CI/CD pipelines, Automated system processes

Which entities were affected by each incident ?

Incident : Vulnerability GET456030525

Entity Name: Vim Text Editor Users

Entity Type: Software Users

Industry: Technology

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Vulnerability GET456030525

Entry Point: Maliciously crafted TAR archives

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability GET456030525

Root Causes: Input validation failure in the tar.vim plugin

Additional Questions

Impact of the Incidents

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Vim versions prior to 9.1.1164, development and production environments, CI/CD pipelines, and automated system processes.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was maliciously crafted TAR archives.


Latest Global CVEs (Not Company-Specific)

Description

NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.

Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."

Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.

Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

Description

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=getvim' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
