CVE-2025-55158HIGH 8.8EPSS p24.6%

CVE-2025-55158CVE-2025-55158

Description

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS0.33% probability of exploitation · percentile 24.6% · 2026-06-18T12:00:27Z
Published2025-08-11
Last modified2025-08-12

Underlying weaknesses· 1

CWE-415

References

  1. https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775
  2. https://github.com/vim/vim/releases/tag/v9.1.1406
  3. https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x

1

TypeTargetConfidenceTier
WeaknessDouble Freecwe-4150%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-55157
CVE
CVE-2026-25749
CVE
CVE-2024-43374
CVE
CVE-2026-45130
CVE
CVE-2025-22134
CVE
CVE-2026-34714
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.