diff -up vim82/runtime/autoload/zip.vim.CVE-2025-53906 vim82/runtime/autoload/zip.vim
--- vim82/runtime/autoload/zip.vim.CVE-2025-53906 2021-03-22 10:02:41.000000000 +0100
+++ vim82/runtime/autoload/zip.vim 2025-09-10 19:33:11.491115978 +0200
@@ -251,6 +251,7 @@ fun! zip#Write(fname)
 " call Dfunc("zip#Write(fname<".a:fname.">) zipfile_".winnr()."<".s:zipfile_{winnr()}.">")
  let repkeep= &report
  set report=10
+ let need_rename = 0
  " sanity checks
  if !executable(substitute(g:zip_zipcmd,'\s\+.*$','',''))
@@ -261,14 +262,6 @@ fun! zip#Write(fname)
 " call Dret("zip#Write")
  return
  endif
- if !exists("*mkdir")
- redraw!
- echohl Error | echo "***error*** (zip#Write) sorry, mkdir() doesn't work on your system" | echohl None
-" call inputsave()|call input("Press to continue")|call inputrestore()
- let &report= repkeep
-" call Dret("zip#Write")
- return
- endif
  let curdir= getcwd()
  let tmpdir= tempname()
@@ -302,6 +295,11 @@ fun! zip#Write(fname)
  let zipfile = substitute(a:fname,'^.\{-}zipfile:\(.\{-}\)::[^\\].*$','\1','')
  let fname = substitute(a:fname,'^.\{-}zipfile:.\{-}::\([^\\].*\)$','\1','')
  endif
+ if fname =~ '^[.]\{1,2}/'
+ call system(g:zip_zipcmd." -d ".s:Escape(fnamemodify(zipfile,":p"),0)." ".s:Escape(fname,0))
+ let fname = substitute(fname, '^\([.]\{1,2}/\)\+', '', 'g')
+ let need_rename = 1
+ endif
 " call Decho("zipfile<".zipfile.">")
 " call Decho("fname <".fname.">")
@@ -318,7 +316,7 @@ fun! zip#Write(fname)
  endif
 " call Decho("zipfile<".zipfile."> fname<".fname.">")
- exe "w! ".fnameescape(fname)
+ exe "w ".fnameescape(fname)
  if has("win32unix") && executable("cygpath")
  let zipfile = substitute(system("cygpath ".s:Escape(zipfile,0)),'\n','','e')
  endif
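Review bot: In the `@@ -302,6 +295,11 @@` hunk the guard `if fname =~ '^[.]\{1,2}/'` only recognises a leading `./` or `../`; an entry name with a `..` component after the first segment, or an absolute name, passes through unchanged and is still handed to `exe "w ".fnameescape(fname)` in the following hunk. The `call system(g:zip_zipcmd." -d " ...)` result is also never checked, so if the delete fails the offending entry remains in the archive while the buffer is renamed as though it had been removed; `if v:shell_error` after the call would catch that. A broader match such as `if fname =~ '^[.]\{1,2}/' || fname =~ '\%(^\|/\)[.][.]\%(/\|$\)' || fname =~ '^/'` covers the other forms, but for the non-leading forms there is nothing to strip, so that case should refuse the write the way the zip#Extract hunk does. Since `let curdir= getcwd()` in the earlier hunk suggests the function changes directory before this point (the cd itself is not visible), any early exit should go through the function's existing cleanup rather than a bare `return`. zip#Write begins and ends outside this hunk.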
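Review bot: In the `@@ -318,7 +316,7 @@` hunk the change from `exe "w! "` to `exe "w "` carries no comment explaining why the force flag was dropped, and a future cleanup could easily put it back. Presumably the intent is that a plain `:w` refuses to overwrite a file that already exists at the target path, which is part of the traversal defence; a one-line comment above it such as `" plain :w (not :w!): never clobber an existing file at fname` would record that. The surrounding function zip#Write continues outside the hunk.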
@@ -348,6 +346,10 @@ fun! zip#Write(fname)
  let &binary = binkeep
  q!
  unlet s:zipfile_{winnr()}
+ elseif need_rename
+ sil exe 'keepalt file '.fnameescape("zipfile://".zipfile.'::'.fname)
+ redraw!
+ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, dropping relative path" | echohl None
  endif
  " cleanup and restore current directory
@@ -383,6 +385,11 @@ fun! zip#Extract()
  let &report= repkeep
 " call Dret("zip#Extract")
  return
+ elseif fname =~ '^[.]\?[.]/'
+ redraw!
+ echohl Error | echo "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!" | echohl None
+ let &report= repkeep
+ return
  endif
  " extract the file mentioned under the cursor
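Review bot: The new error message in the `@@ -348,6 +346,10 @@` hunk is tagged `(zip#Browse)` although the hunk header shows it lives in `zip#Write`, and the same mislabel appears in the `zip#Extract` hunk below; the file's existing messages name their own function (see the removed `***error*** (zip#Write) sorry, mkdir() ...` line in the first hunk). Change them to `echo "***error*** (zip#Write) Path Traversal Attack detected, dropping relative path"` and `echo "***error*** (zip#Extract) Path Traversal Attack detected, not extracting!"` so a user report points at the right code path. zip#Write continues outside this hunk.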
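Review bot: In the `@@ -383,6 +385,11 @@` hunk the pattern `'^[.]\?[.]/'` matches the same names as zip#Write's `'^[.]\{1,2}/'` but is spelled differently, so the two checks will drift apart on the next edit; a single script-local pattern used by both would keep them in step. As in zip#Write, the check covers only a leading `./` or `../`, not a `..` component later in the name or an absolute name, and whether the extract command invoked further down rejects those itself is not visible here. Widening it to `elseif fname =~ '^[.]\{1,2}/' || fname =~ '\%(^\|/\)[.][.]\%(/\|$\)' || fname =~ '^/'` keeps the refuse-and-restore behaviour of this branch for all of those forms. zip#Extract continues outside the hunk.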