Vim heap use-after-free vulnerability when processing recursive tuple data types

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.

Basic Information

ID CVE-2025-55157

Source GitHub_M

Published Aug 11, 2025 at 22:54

Affected Product

Vendor vim

Product vim

Version >= 9.1.1231, < 9.1.1400

Affected Versions vim vim >= 9.1.1231, < 9.1.1400

CWE Classification

CWE-416

References

{
    "lastseen": "",
    "description": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u2019s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
    "published": "2025-08-11T22:54:27.302Z",
    "modified": "2025-08-11T22:54:27.302Z",
    "type": "cve",
    "title": "Vim heap use-after-free vulnerability when processing recursive tuple data types",
    "source": "GitHub_M",
    "references": "https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6\nhttps://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97\nhttps://github.com/vim/vim/releases/tag/v9.1.1400",
    "id": "CVE-2025-55157",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "vim vim >= 9.1.1231, < 9.1.1400",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vim",
    "version": ">= 9.1.1231, < 9.1.1400",
    "vendor": "vim",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vim heap use-after-free vulnerability when processing recursive tuple data types_CVE-2025-55157