CVE & CISA-KEV Catalog

CVE-2025-26603

MEDIUM
4.2
CVSS v3
NVD

Description

Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

How to fix

Remediation Available
vimDebian
Fixed in:2:9.1.1230-1CVE-2025-26603
Fixed in:2:9.1.1230-1CVE-2025-26603
vimUbuntu
Fixed in:2:7.4.052-1ubuntu3.1+esm21USN-7419-1
Fixed in:2:7.4.1689-3ubuntu1.5+esm27USN-7419-1
Fixed in:2:8.0.1453-1ubuntu1.13+esm12USN-7419-1
Fixed in:2:8.1.2269-1ubuntu5.32USN-7419-1
Fixed in:2:8.2.3995-1ubuntu2.24USN-7419-1
Fixed in:2:9.1.0016-1ubuntu7.8USN-7419-1
VimWindows application
Affected:9.1.1115Fixed in:9.1.1115Bram Moolenaar et al.

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityLow

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploit Intelligence

0.22%probability of exploitation in 30 days
13thpercentile

Low risk: more likely to be exploited than 13% of all known CVEs.

References

Vendor Advisory1
Third-Party Advisory1

Related Vulnerabilities

Other CWE-416 (Use After Free) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-0708Critical9.8100%KEV + Ransom-
CVE-2021-31166Critical9.8100%KEVFix
CVE-2015-5119Critical9.899%KEV-
CVE-2010-3962High8.197%KEV-
CVE-2015-0313Critical9.896%KEVFix
CVE-2017-9798High7.595%-Fix
Embed a live status badge for CVE-2025-26603
CVE-2025-26603 severity badge

Markdown

[![CVE-2025-26603](https://tridentstack.com/cve/badge/CVE-2025-26603.svg)](https://tridentstack.com/cve/CVE-2025-26603)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-26603"><img src="https://tridentstack.com/cve/badge/CVE-2025-26603.svg" alt="CVE-2025-26603"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-08-18.