PT-2026-6809 · Vim+4

Rahulhoysala · Published 2026-02-05 · Updated 2026-03-24 · CVE-2026-25749

CVSS v3.1: 6.6 Medium

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.1.2132

Description

Vim, an open source command line text editor, contains a heap buffer overflow in its tag file resolution logic when processing the 'helpfile' option. The issue resides in the get_tagfname() function within src/tag.c. The STRCPY() function is used to copy the user-controlled 'helpfile' option value into a fixed-size heap buffer without sufficient bounds checking, leading to a potential overflow.

Recommendations

Update to Vim version 9.1.2132 or later.
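
A check for the recommendation above, as an added example that is not part of the original advisory: it parses `vim --version` output and reports whether patch 9.1.2132 is included. The sample outputs are constructed, and the function names are this example's own.

```python
import re
import subprocess

FIXED = (9, 1, 2132)  # from the advisory: fixed in Vim 9.1.2132

# Constructed samples of the first lines of `vim --version` output.
SAMPLE_OLD = ("VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 10 2026 10:00:00)\n"
              "Included patches: 1-2100\n")
SAMPLE_GAP = ("VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 20 2026 10:00:00)\n"
              "Included patches: 1-2131, 2133-2140\n")
SAMPLE_FIXED = ("VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 20 2026 10:00:00)\n"
                "Included patches: 1-2132\n")
SAMPLE_90 = ("VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Jan 10 2026 10:00:00)\n"
             "Included patches: 1-2136\n")


def parse_vim_version(text):
    """Return ((major, minor), [(lo, hi), ...]) from `vim --version` output."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("input does not look like `vim --version` output")
    release = (int(m.group(1)), int(m.group(2)))
    ranges = []
    p = re.search(r"^Included patches:\s*(.+)$", text, re.MULTILINE)
    if p:  # the line is absent when no patches are applied
        for part in p.group(1).split(","):
            lo, _, hi = part.strip().partition("-")
            ranges.append((int(lo), int(hi or lo)))
    return release, ranges


def has_fix(text):
    """True if the build is newer than 9.1 or is 9.1 with patch 2132 included."""
    release, ranges = parse_vim_version(text)
    if release != FIXED[:2]:
        # An older release is affected whatever its own patch numbers are.
        return release > FIXED[:2]
    # Check membership, not the highest number: patch lists can have gaps.
    return any(lo <= FIXED[2] <= hi for lo, hi in ranges)


if __name__ == "__main__":
    out = subprocess.run(["vim", "--version"], capture_output=True,
                         text=True, check=True).stdout
    print("patch 9.1.2132 included" if has_fix(out) else "patch 9.1.2132 NOT included")
```

Distribution packages can carry the fix as a backport without listing patch 2132, so confirm a negative result against the vendor advisory for that package.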

Exploit

Fix

DoS

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:4442
ALSA-2026:4715
ALSA-2026:5602
AZL-76764
AZL-77411
BDU:2026-05072
CVE-2026-25749
ECHO-CD9F-8404-8DDC
GHSA-5W93-4G67-MM43
RHSA-2026:4442
RHSA-2026:4715
RHSA-2026:5602
RHSA-2026:6502
RHSA-2026:6539
RHSA-2026:6540
RHSA-2026:6617
RHSA-2026:6619
RHSA-2026:6620
RHSA-2026:6729
RHSA-2026:6730
RHSA-2026:6731
RHSA-2026:6736
USN-8101-1

Affected Products

Linux Mint
RED OS
Rocky Linux
Ubuntu
Vim