PT-2025-4371 · Vim+6

Gandalf4A · Published 2025-01-11 · Updated 2025-08-14 · CVE-2025-22134

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.1.1003

Description

The issue is a heap-buffer overflow in Vim when switching to other buffers using the :all command while visual mode is still active. This occurs because Vim does not properly end visual mode, potentially allowing access beyond the end of a line in a buffer. The impact is considered medium, as the user must have switched on visual mode when executing the :all ex command.

Recommendations

For versions prior to 9.1.1003, update to Vim patch v9.1.1003 or later to fix the bug. As a temporary workaround, consider avoiding the use of the :all command while visual mode is active until the patch is applied.

Exploit

Fix

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

ALT-PU-2025-5044
ALT-PU-2025-5579
ALT-PU-2025-5591
AZL-55500
AZL-55582
BDU:2025-01433
CVE-2025-22134
ECHO-392A-F4A0-DBDE
GHSA-5RGF-26WJ-48V8
MGASA-2025-0014
OESA-2025-1166
OPENSUSE-SU-2025_0723-1
SUSE-SU-2025:0722-1
SUSE-SU-2025:0723-1
SUSE-SU-2025:0724-1
SUSE-SU-2025:20128-1
SUSE-SU-2025_0722-1
SUSE-SU-2025_0723-1
USN-7220-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Vim