Login Sign Up

CVE-2026-25749

6.6 MEDIUM
Buffer Overflow

📋 TL;DR

A heap buffer overflow vulnerability in Vim's tag file resolution logic allows attackers to execute arbitrary code or crash the application by exploiting the 'helpfile' option. This affects all users running Vim versions prior to 9.1.2132. The vulnerability is triggered when processing help file tags with a specially crafted 'helpfile' value.

💻 Affected Systems

Products:
  • Vim
Versions: All versions prior to 9.1.2132
Operating Systems: Linux, Unix, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with vulnerable versions are affected. The vulnerability requires user interaction (opening a malicious help file or setting the helpfile option).

📦 What is this software?

Vim by Vim

View all CVEs affecting Vim →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, privilege escalation, or data exfiltration.

🟠

Likely Case

Application crash (denial of service) or limited code execution within Vim's context.

🟢

If Mitigated

No impact if patched or if the vulnerable functionality is not used.

🌐 Internet-Facing: LOW - Vim is typically not exposed to external networks.
🏢 Internal Only: MEDIUM - Could be exploited via malicious help files or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (e.g., opening a malicious help file). No public exploits are known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.2132

Vendor Advisory: https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43

Restart Required: No

Instructions:

1. Download Vim 9.1.2132 or later from https://github.com/vim/vim/releases/tag/v9.1.2132. 2. Compile and install following the platform-specific build instructions. 3. For package managers: Update using your system's package manager (e.g., apt upgrade vim, yum update vim).

🔧 Temporary Workarounds

Disable help file functionality

linux

Prevent Vim from loading help files by removing or restricting access to help directories.

chmod 000 /usr/share/vim/vim*/doc/
mv /usr/share/vim/vim*/doc/ /usr/share/vim/vim*/doc.bak/

Restrict helpfile option

all

Set the helpfile option to a safe, controlled path in vimrc.

echo "set helpfile=/safe/path/to/help.txt" >> ~/.vimrc

🧯 If You Can't Patch

  • Restrict user permissions to prevent execution of untrusted help files.
  • Use application control to block Vim execution or limit it to trusted environments.

🔍 How to Verify

Check if Vulnerable:

Run 'vim --version' and check if version is below 9.1.2132.

Check Version:

vim --version | head -1

Verify Fix Applied:

Run 'vim --version' and confirm version is 9.1.2132 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Vim crash logs
  • System logs showing abnormal Vim process termination

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process termination where process_name='vim' and exit_code != 0

📊 Metadata

CVE ID: CVE-2026-25749
CVSS v3 Score: 6.6 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
CWE: CWE-122
EPSS Score: 0.01% exploit probability (1.6th percentile)
Published: February 6, 2026
Last Updated: February 20, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-25749, you might also want to check these:

CVE-2021-21940 10.0

A heap-based buffer overflow vulnerability in Anker Eufy Homebase 2's RTSP handling allows remote co...

Same vulnerability type (CWE-122)
CVE-2023-45318 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on systems running Wes...

Same vulnerability type (CWE-122)
CVE-2025-23123 10.0

A heap buffer overflow vulnerability in UniFi Protect Camera firmware allows remote code execution. ...

Same vulnerability type (CWE-122)