CVE-2025-55157

EUVD-2025-24191

11.08.2025, 23:15

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Affected Products (NVD)

Vendor	Product	Version
vim	vim	9.1.1231 ≤ 𝑥 < 9.1.1400

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

vim

bookworm	2:9.0.1378-2+deb12u2 fixed
bullseye	2:8.2.2434-3+deb11u1 fixed
bullseye (security)	2:8.2.2434-3+deb11u3 fixed
forky	2:9.1.2141-1 fixed
sid	2:9.1.2141-1 fixed
trixie	2:9.1.1230-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

vim

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
plucky	not-affected
trusty	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97

https://github.com/vim/vim/releases/tag/v9.1.1400

https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6