CVE-2025-9389

LOW

vim 9.1.0000 - Memory Corruption in __memmove_avx_unaligned_erms

Title source: llm

Description

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.321222

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.321222

Exploit, Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.630898

Exploit, Issue Tracking, Patch, Vendor Advisory issue-tracking

https://github.com/vim/vim/issues/17940

Exploit, Issue Tracking, Patch issue-tracking

https://github.com/vim/vim/issues/17940#issuecomment-3203415781

Exploit exploit

https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing

Scores

CVSS v3 3.3

EPSS 0.0005

EPSS Percentile 15.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-787

Status published

Products (1)

vim/vim 9.1.0000

Published Aug 24, 2025

Tracked Since Feb 18, 2026