CVE-2025-55157

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
Configurations

Configuration 1

cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

History

12 Aug 2025, 18:50

Type | Values Removed | Values Added
References | () https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97 - | () https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97 - Patch
References | () https://github.com/vim/vim/releases/tag/v9.1.1400 - | () https://github.com/vim/vim/releases/tag/v9.1.1400 - Patch
References | () https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6 - | () https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6 - Vendor Advisory
CPE | | cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
First Time | | Vim vim; Vim
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 8.8

12 Aug 2025, 14:25

Type Values Removed Values Added
Summary
  • (es) Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in a Vim script, an error during evaluation could trigger a use-after-free error in Vim's internal tuple reference management. Specifically, the tuple_unref() function could access already freed memory due to incorrect lifetime handling, which caused memory corruption. This exploit requires direct user interaction, as the script must be explicitly executed in Vim. This issue has been fixed in version 9.1.1400.

11 Aug 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-11 23:15

Updated : 2025-08-12 18:50


NVD link : CVE-2025-55157

Mitre link : CVE-2025-55157

CVE.ORG link : CVE-2025-55157


Products Affected

vim

  • vim
CWE
CWE-416

Use After Free