Vulnerability DatabaseCVE-2025-24014

CVE-2025-24014:
Vim vulnerability analysis and mitigation

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

5.5

Score

Published January 20, 2025

Severity MEDIUM

CNA Score 4.2

Affected Technologies

Vim
Alma Linux

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 18.6

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

vim-debuginfo
vim-enhanced

Sources

Alpine Security Tracker
- Alpine 3.10, 3.11, 3.12, 3.13, 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20 Severity MEDIUMHas FixAdded at: Nov 18, 2025
- Alpine 3.21, edge Severity MEDIUMHas FixAdded at: Feb 16, 2025
- Alpine 3.22 Severity MEDIUMHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity MEDIUMHas FixAdded at: Dec 04, 2025
CBL-Mariner
- CBL-Mariner 2.0 Severity MEDIUMHas FixAdded at: Feb 02, 2025
- CBL-Mariner 3.0 Severity MEDIUMHas FixAdded at: May 04, 2025
Chainguard
- Chainguard Has FixAdded at: Sep 03, 2025
Container-Optimized OS Release Notes
- Container-Optimized OS Severity MEDIUMHas FixAdded at: Jul 22, 2025
Debian Security Tracker
- Debian 11, 12 Severity LOWNo FixAdded at: Jan 22, 2025
- Debian 13 Severity LOWHas FixAdded at: Jan 22, 2025
- Debian 14 Severity LOWHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity MEDIUMHas FixAdded at: Nov 18, 2025
Homebrew
- Homebrew Severity MEDIUMHas FixAdded at: Aug 15, 2025
Nix
- Nix Severity MEDIUMHas FixAdded at: Aug 15, 2025
Photon Security Advisory
- Photon 4.0 Severity MEDIUMHas FixAdded at: Jun 15, 2025
Red Hat Errata
- Red Hat 6, 7, 8, 9 Severity LOWNo FixAdded at: Jan 22, 2025
- Red Hat 10 Severity LOWNo FixAdded at: Jul 06, 2025
TuxCare
- AlmaLinux 9.2 Severity MEDIUMNo FixAdded at: Nov 18, 2025
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04 Severity MEDIUMHas FixAdded at: Aug 19, 2025
- Ubuntu 20.04, 22.04, 24.10 Severity MEDIUMHas FixAdded at: Feb 11, 2025
- Ubuntu 24.04 Severity MEDIUMHas FixAdded at: Apr 03, 2025
- Ubuntu 25.04 Severity MEDIUMHas FixAdded at: May 08, 2025
- Ubuntu 25.10 Severity MEDIUMHas FixAdded at: Oct 13, 2025
VulnCheck NVD++
- Linux Severity MEDIUMHas FixAdded at: Jan 21, 2025
- Windows Severity MEDIUMHas FixAdded at: Jan 21, 2025
Wolfi
- Wolfi Has FixAdded at: Sep 01, 2025
NVD
- Linux Severity MEDIUMHas FixAdded at: Aug 15, 2025
- Windows Severity MEDIUMHas FixAdded at: Aug 15, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Vim vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66476	HIGH	7.8	Vim	vim	No	Yes	Dec 02, 2025
CVE-2025-55158	MEDIUM	6.9	Vim	cpe:2.3:a:vim:vim	No	Yes	Aug 11, 2025
CVE-2025-55157	MEDIUM	6.9	Vim	cpe:2.3:a:vim:vim	No	Yes	Aug 11, 2025
CVE-2025-9390	MEDIUM	4.8	Vim	vim	No	Yes	Aug 24, 2025
CVE-2025-9389	MEDIUM	4.8	Vim	vim-filesystem	No	Yes	Aug 24, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2025-24014: Vim vulnerability analysis and mitigation