CVE-2025-55157 · HIGH 8.8 · EPSS p23.7%

Description

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.7% · 2026-06-19T12:03:05Z
Published: 2025-08-11
Last modified: 2025-08-12

Underlying weaknesses · 1

CWE-416

References

  1. https://github.com/vim/vim/commit/1307743697bbc46e1518abfea7f89caa95bcaf97
  2. https://github.com/vim/vim/releases/tag/v9.1.1400
  3. https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6

Type | Target | Confidence | Tier
Weakness | Use After Free (cwe-416) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-55158
  2. CVE-2024-43374
  3. CVE-2026-45130
  4. CVE-2026-25749
  5. CVE-2026-34714
  6. CVE-2025-22134

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.