CVE-2025-55158: 
Vim vulnerability analysis and mitigation

A double-free vulnerability (CVE-2025-55158) was discovered in Vim versions from 9.1.1231 to before 9.1.1406. The vulnerability affects Vim's internal typed value (typval_T) management during nested tuple processing in Vim9 script import operations. The issue was discovered through fuzz testing with AFL++ and confirmed using AddressSanitizer by Yang Luo and Yanju Chen from the Security Team at Riema Labs (GitHub Advisory).

The vulnerability occurs when processing nested tuples during Vim9 script import operations. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The issue has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and CVSS v4.0 score of 6.9 (MEDIUM) (NVD).

The primary impact is a potential denial-of-service through application crash. However, as this is a memory corruption flaw, it could theoretically be exploited for more severe consequences depending on the execution environment. The severity is considered medium because the vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script (GitHub Advisory).

The vulnerability has been patched in Vim version 9.1.1406. Users are advised to upgrade to this version or later. The fix involves setting the type to VAR_UNKNOWN to prevent double-freeing of memory (GitHub Commit).