CVE-2025-9389 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VIM

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 89.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Debian VIM

Timeline

PublishedAug 24

Latest updateAug 25

Description

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDvim/vim9.1.0000

▶debiandebian/vim

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-9389: A vulnerability was identified in vim 9↗2025-08-25

▶

GHSA

GHSA-p222-mxxm-v36m: A vulnerability was identified in vim 9↗2025-08-24

▶

📋Vendor Advisories

Red Hat

vim: vim memmove-vec-unaligned-erms.S __memmove_avx_unaligned_erms memory corruption↗2025-08-24

▶

Debian

CVE-2025-9389: vim - A vulnerability was identified in vim 9.1.0000. Affected is the function __memmo...↗2025

▶