CVE-2025-26603

CVSS 3.1 Score 4.2 of 10 (medium)

Details

Published Feb 18, 2025
CWE ID 416

Summary

CVE-2025-26603 is a use-after-free vulnerability affecting Vim, a popular UNIX editor. The issue lies in the way Vim handles redirection of the `:display` command output to registers. When freeing the register content before storing new data, Vim inadvertently tries to access the freed memory. The check to prevent such redirection while displaying a register is incomplete in Vim versions prior to 9.1.1115. Specifically, the `+` and `*` registers, which are commonly used for X11/clipboard, are not included in this check, leaving them susceptible to this vulnerability. Users are strongly advised to upgrade to Vim version 9.1.1115 to mitigate this issue, as no known workarounds exist.
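A defender-side check for the fix level named above, as an added example that is not part of the original advisory or of Vim: it reads `vim --version` text and reports whether patch 9.1.1115 is present, including builds whose patch list has gaps. The function names and sample outputs are constructed here, and the check assumes upstream patch numbering, so a distribution package that backports the fix to an older release is still reported as vulnerable.

```shell
#!/bin/sh
# Added example: classify `vim --version` output against the fixed release 9.1.1115.

# Return 0 if patch number $2 falls inside the list $1, e.g. "1-1100, 1116".
vim_patch_included() {
    list=$1; want=$2
    for item in $(printf '%s' "$list" | tr ',' ' '); do
        case $item in
            *-*) lo=${item%-*}; hi=${item#*-} ;;
            *)   lo=$item; hi=$item ;;
        esac
        # Skip anything that is not a plain number or number range.
        case $lo in ''|*[!0-9]*) continue ;; esac
        case $hi in ''|*[!0-9]*) continue ;; esac
        [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ] && return 0
    done
    return 1
}

# Print "fixed", "vulnerable" or "unknown" for the version text in $1.
vim_cve_2025_26603_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' |
        head -n 1)
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    major=${ver% *}; minor=${ver#* }
    patches=$(printf '%s\n' "$1" | sed -n 's/^Included patches: *//p' | head -n 1)
    if [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -gt 1 ]; }; then
        echo fixed          # release line newer than 9.1
    elif [ "$major" -eq 9 ] && [ "$minor" -eq 1 ] &&
         vim_patch_included "$patches" 1115; then
        echo fixed          # 9.1 build that contains patch 1115
    else
        echo vulnerable     # older release line, or 9.1 without patch 1115
    fi
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 01 2025 10:00:00)
Included patches: 1-1110'
SAMPLE_FIXED='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 20 2025 10:00:00)
Included patches: 1-1115'
SAMPLE_GAPPED='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 20 2025 10:00:00)
Included patches: 1-1100, 1116'

for s in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_GAPPED"; do
    vim_cve_2025_26603_status "$s"
done
# On a real host: vim_cve_2025_26603_status "$(vim --version)"
```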
