Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-55157

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.

Published

2025-08-11T23:15:27.870

Last Modified

2025-08-12T18:50:20.100

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vim	vim	< 9.1.1400	Yes

References

https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97 Patch ([email protected])
https://github.com/vim/vim/releases/tag/v9.1.1400 Patch ([email protected])
https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6 Vendor Advisory ([email protected])