CVE-2025-55157

11.08.2025, 23:15

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vims internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
vim	vim	9.1.1231 ≤ 𝑥 < 9.1.1400

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

vim

bullseye	2:8.2.2434-3+deb11u1 fixed
bullseye (security)	2:8.2.2434-3+deb11u3 fixed
bookworm	2:9.0.1378-2+deb12u2 fixed
forky	2:9.1.1230-2 fixed
sid	2:9.1.1230-2 fixed
trixie	2:9.1.1230-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

vim

plucky	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] vim: Mehrere Schwachstellen ermöglichen Denial of Service
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-08-10T22:00:00+00:00

References

https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97

https://github.com/vim/vim/releases/tag/v9.1.1400

https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6