CVE-2025-55157 Information
Description
Vim is an open source command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.
Reference
https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97
https://github.com/vim/vim/releases/tag/v9.1.1400
https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6
Related CNNVD
CNNVD-202508-974 (Published: 2025-08-11)