PT-2025-32594 · Vim+2 · Vim+2

Yang Luo +1 · Published 2025-08-11 · Updated 2025-10-14 · CVE-2025-55158

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.1231 through 9.1.1405
Description: Vim is a command-line text editor. Versions from 9.1.1231 to before 9.1.1406 contain a flaw where processing nested tuples during Vim9 script import operations can trigger a double-free in Vim’s internal typed value (`typval_T`) management. Specifically, the `clear_tv()` function may attempt to free already deallocated memory due to improper lifetime handling in the `handle_import` / `ex_import` code paths. This issue is triggered when a user opens and executes a specially crafted Vim script.
Recommendations: Update to Vim version 9.1.1406 or later.

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers

BDU:2025-12932
CVE-2025-55158
GHSA-5FG8-WVX3-583X
SUSE-SU-2025:03240-1
SUSE-SU-2025:03299-1
SUSE-SU-2025:03300-1
SUSE-SU-2025:20696-1
SUSE-SU-2025:20857-1
SUSE-SU-2025_03299-1
SUSE-SU-2025_03300-1

Affected Products

Red Os
Suse
Vim