CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55157 – Vim heap use-after-free vulnerability when processing recursive tuple data types
https://notcve.org/view.php?id=CVE-2025-55157
11 Aug 2025 — Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in v... • https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-55158 – Vim double-free vulnerability during Vim9 script import operations
https://notcve.org/view.php?id=CVE-2025-55158
11 Aug 2025 — Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly ope... • https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775 • CWE-415: Double Free •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53906 – Vim has path traversal issue with zip.vim and special crafted zip archives
https://notcve.org/view.php?id=CVE-2025-53906
15 Jul 2025 — Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim... • https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53905 – Vim has path traversial issue with tar.vim and special crafted tar files
https://notcve.org/view.php?id=CVE-2025-53905
15 Jul 2025 — Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim... • https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29768 – Vim vulnerable to potential data loss with zip.vim and special crafted zip files
https://notcve.org/view.php?id=CVE-2025-29768
13 Mar 2025 — Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198. • https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27423 – Improper Input Validation in Vim
https://notcve.org/view.php?id=CVE-2025-27423
03 Mar 2025 — Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, wh... • https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26603 – heap-use-after-free in function str_to_reg in vim/vim
https://notcve.org/view.php?id=CVE-2025-26603
18 Feb 2025 — Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the cont... • https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-1215 – vim main.c memory corruption
https://notcve.org/view.php?id=CVE-2025-1215
12 Feb 2025 — A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. • https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24014 – segmentation fault in win_line() in Vim < 9.1.1043
https://notcve.org/view.php?id=CVE-2025-24014
20 Jan 2025 — Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been all... • https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22134 – heap-buffer-overflow with visual mode in Vim < 9.1.1003
https://notcve.org/view.php?id=CVE-2025-22134
13 Jan 2025 — When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is... • https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead • CWE-122: Heap-based Buffer Overflow •