PT-2025-32594

Yang Luo

Published: 2025-08-11 · Updated: 2025-10-14

CVE-2025-55158

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.1231 through 9.1.1405
Description: Vim is a command line text editor. Versions from 9.1.1231 to before 9.1.1406 contain a flaw where processing nested tuples during Vim9 script import operations can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free already deallocated memory due to improper lifetime handling in the handle_import() / ex_import() code paths. This issue is triggered when a user opens and executes a specially crafted Vim script.
Recommendations: Update to Vim version 9.1.1406 or later.

Exploit

Fix

Weakness Enumeration

Double Free

Related Identifiers

BDU:2025-12932
CVE-2025-55158
GHSA-5FG8-WVX3-583X
SUSE-SU-2025:03240-1
SUSE-SU-2025:03299-1
SUSE-SU-2025:03300-1
SUSE-SU-2025:20696-1
SUSE-SU-2025:20857-1

Affected Products

RED OS
SUSE
Vim