Heap Buffer Overflow in Vim Text Editor Affects Users
CVE-2026-25749

6.6MEDIUM

Key Information:

Vendor

Vim

Status
Vim
Vendor
CVE Published:
6 February 2026

What is CVE-2026-25749?

Vim, the popular open-source command line text editor, is susceptible to a heap buffer overflow vulnerability due to flawed tag file resolution logic when handling the 'helpfile' option. The vulnerability is present in the get_tagfname() function and arises from the unsafe use of STRCPY() for copying user-controlled values into a fixed-size heap buffer. This flaw allows attackers to exploit this weakness when processing help file tags, leading to potential memory corruption issues. A fix has been implemented in version 9.1.2132, and users are advised to upgrade to this version or later to mitigate the risk.

Affected Version(s)

vim < 9.1.2132

References

https://github.com/vim/vim/security/advisories/GHSA-5w93-...
x_refsource_CONFIRM
https://github.com/vim/vim/commit/0714b15940b245108e6e9d7...
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.1.2132
x_refsource_MISC

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.