CVE-2025-55158
HIGHvim 9.1.1231-9.1.1406 - Double Free in Vim9 Script Import Typed Value Handling
Title source: llmDescription
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x
Patch x_refsource_misc
https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775
Patch x_refsource_misc
https://github.com/vim/vim/releases/tag/v9.1.1406
Scores
CVSS v3
8.8
EPSS
0.0033
EPSS Percentile
24.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-415
Status
published
Products (1)
vim/vim
9.1.1231 - 9.1.1406
Published
Aug 11, 2025
Tracked Since
Feb 18, 2026