How to fix CVE-2025-24014?

During next maintenance window: Identify affected systems running Vim and apply vendor patches when convenient. Vendor patch is available.

Is Memory Corruption affected by CVE-2025-24014?

Organizations using Vim should be aware of moderate risk from CVE-2025-24014, a out-of-bounds write vulnerability rated CVSS 4.2. Exploitation could cause memory corruption or application crashes. A patch is available and should be applied during regular vulnerability management.

CVE-2025-24014

MEDIUM

2025-01-20 [email protected]

4.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:04 vuln.today

Patch Released

Mar 28, 2026 - 18:04 nvd

Patch available

CVE Published

Jan 20, 2025 - 23:15 nvd

MEDIUM 4.2

Description

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Analysis

Vim is an open source, command line text editor. Rated medium severity (CVSS 4.2). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical Context

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. Affected products include: Vim, Netapp Hci Compute Node Firmware. Version information: before 9.1.1043..

Affected Products

Vim, Netapp Hci Compute Node Firmware.

Remediation

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +21

POC: 0

Vendor Status

CVE-2025-24014 vulnerability details – vuln.today

Back

CVE-2025-24014

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-24014

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code