Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-55158 (GCVE-0-2025-55158)
Vulnerability from cvelistv5
Published
2025-08-11 22:54
Modified
2025-08-12 15:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-415 - Double Free
Summary
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:51:31.724220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:51:41.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.1.1231, \u003c 9.1.1406"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T22:54:12.015Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x"
},
{
"name": "https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.1.1406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.1.1406"
}
],
"source": {
"advisory": "GHSA-5fg8-wvx3-583x",
"discovery": "UNKNOWN"
},
"title": "Vim double-free vulnerability during Vim9 script import operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55158",
"datePublished": "2025-08-11T22:54:12.015Z",
"dateReserved": "2025-08-07T18:27:23.306Z",
"dateUpdated": "2025-08-12T15:51:41.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-55158\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-11T23:15:28.037\",\"lastModified\":\"2025-08-12T18:49:05.347\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.\"},{\"lang\":\"es\",\"value\":\"Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. En versiones desde la 9.1.1231 hasta anteriores a la 9.1.1406, al procesar tuplas anidadas durante las operaciones de importaci\u00f3n de scripts de Vim9, un error durante la evaluaci\u00f3n puede provocar una doble liberaci\u00f3n en la gesti\u00f3n interna de valores tipificados (typval_T) de Vim. En concreto, la funci\u00f3n clear_tv() puede intentar liberar memoria ya desasignada debido a una gesti\u00f3n incorrecta del tiempo de vida en las rutas de c\u00f3digo handle_import / ex_import. La vulnerabilidad solo se activa si un usuario abre y ejecuta expl\u00edcitamente un script de Vim especialmente manipulado. Este problema se ha corregido en la versi\u00f3n 9.1.1406.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.1.1231\",\"versionEndExcluding\":\"9.1.1406\",\"matchCriteriaId\":\"BF46B6DF-7B68-4BDD-9789-1D58B0F80B6F\"}]}]}],\"references\":[{\"url\":\"https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vim/vim/releases/tag/v9.1.1406\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Vim double-free vulnerability during Vim9 script import operations\", \"source\": {\"advisory\": \"GHSA-5fg8-wvx3-583x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 9.1.1231, \u003c 9.1.1406\"}]}], \"references\": [{\"url\": \"https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x\", \"name\": \"https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775\", \"name\": \"https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/vim/vim/releases/tag/v9.1.1406\", \"name\": \"https://github.com/vim/vim/releases/tag/v9.1.1406\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-415\", \"description\": \"CWE-415: Double Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-11T22:54:12.015Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-55158\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-12T15:51:31.724220Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-08-12T15:51:36.530Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-55158\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-11T22:54:12.015Z\", \"dateReserved\": \"2025-08-07T18:27:23.306Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-11T22:54:12.015Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
suse-su-2025:03299-1
Vulnerability from csaf_suse
Published
2025-09-23 09:02
Modified
2025-09-23 09:02
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
Patchnames
SUSE-2025-3299,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3299
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdated to 9.1.1629:\n- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim\u2019s tar.vim plugin (bsc#1246604)\n- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim\u2019s zip (bsc#1246602)\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3299,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3299",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03299-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03299-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503299-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03299-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041804.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-23T09:02:41Z",
"generator": {
"date": "2025-09-23T09:02:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03299-1",
"initial_release_date": "2025-09-23T09:02:41Z",
"revision_history": [
{
"date": "2025-09-23T09:02:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.aarch64",
"product": {
"name": "gvim-9.1.1629-17.51.1.aarch64",
"product_id": "gvim-9.1.1629-17.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.aarch64",
"product": {
"name": "vim-9.1.1629-17.51.1.aarch64",
"product_id": "vim-9.1.1629-17.51.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-17.51.1.aarch64",
"product_id": "vim-small-9.1.1629-17.51.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.i586",
"product": {
"name": "gvim-9.1.1629-17.51.1.i586",
"product_id": "gvim-9.1.1629-17.51.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.i586",
"product": {
"name": "vim-9.1.1629-17.51.1.i586",
"product_id": "vim-9.1.1629-17.51.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.i586",
"product": {
"name": "vim-small-9.1.1629-17.51.1.i586",
"product_id": "vim-small-9.1.1629-17.51.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.1.1629-17.51.1.noarch",
"product": {
"name": "vim-data-9.1.1629-17.51.1.noarch",
"product_id": "vim-data-9.1.1629-17.51.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-17.51.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-17.51.1.noarch",
"product_id": "vim-data-common-9.1.1629-17.51.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.ppc64le",
"product": {
"name": "gvim-9.1.1629-17.51.1.ppc64le",
"product_id": "gvim-9.1.1629-17.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.ppc64le",
"product": {
"name": "vim-9.1.1629-17.51.1.ppc64le",
"product_id": "vim-9.1.1629-17.51.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-17.51.1.ppc64le",
"product_id": "vim-small-9.1.1629-17.51.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.s390",
"product": {
"name": "gvim-9.1.1629-17.51.1.s390",
"product_id": "gvim-9.1.1629-17.51.1.s390"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.s390",
"product": {
"name": "vim-9.1.1629-17.51.1.s390",
"product_id": "vim-9.1.1629-17.51.1.s390"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.s390",
"product": {
"name": "vim-small-9.1.1629-17.51.1.s390",
"product_id": "vim-small-9.1.1629-17.51.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.s390x",
"product": {
"name": "gvim-9.1.1629-17.51.1.s390x",
"product_id": "gvim-9.1.1629-17.51.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.s390x",
"product": {
"name": "vim-9.1.1629-17.51.1.s390x",
"product_id": "vim-9.1.1629-17.51.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.s390x",
"product": {
"name": "vim-small-9.1.1629-17.51.1.s390x",
"product_id": "vim-small-9.1.1629-17.51.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-17.51.1.x86_64",
"product": {
"name": "gvim-9.1.1629-17.51.1.x86_64",
"product_id": "gvim-9.1.1629-17.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-17.51.1.x86_64",
"product": {
"name": "vim-9.1.1629-17.51.1.x86_64",
"product_id": "vim-9.1.1629-17.51.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-17.51.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-17.51.1.x86_64",
"product_id": "vim-small-9.1.1629-17.51.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-17.51.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64"
},
"product_reference": "gvim-9.1.1629-17.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-17.51.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64"
},
"product_reference": "vim-9.1.1629-17.51.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-17.51.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch"
},
"product_reference": "vim-data-9.1.1629-17.51.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-17.51.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-17.51.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gvim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-9.1.1629-17.51.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-9.1.1629-17.51.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:vim-data-common-9.1.1629-17.51.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:02:41Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
suse-su-2025:03300-1
Vulnerability from csaf_suse
Published
2025-09-23 09:03
Modified
2025-09-23 09:03
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
Patchnames
SUSE-2025-3300,SUSE-SLE-Micro-5.5-2025-3300,SUSE-SLE-Module-Basesystem-15-SP6-2025-3300,SUSE-SLE-Module-Basesystem-15-SP7-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3300,openSUSE-SLE-15.6-2025-3300
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdated to 9.1.1629:\n- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim\u2019s tar.vim plugin (bsc#1246604)\n- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim\u2019s zip (bsc#1246602)\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3300,SUSE-SLE-Micro-5.5-2025-3300,SUSE-SLE-Module-Basesystem-15-SP6-2025-3300,SUSE-SLE-Module-Basesystem-15-SP7-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-3300,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-3300,openSUSE-SLE-15.6-2025-3300",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03300-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03300-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503300-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03300-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041803.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-23T09:03:45Z",
"generator": {
"date": "2025-09-23T09:03:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03300-1",
"initial_release_date": "2025-09-23T09:03:45Z",
"revision_history": [
{
"date": "2025-09-23T09:03:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.aarch64",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64",
"product_id": "gvim-9.1.1629-150500.20.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.aarch64",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64",
"product_id": "vim-9.1.1629-150500.20.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"product_id": "vim-small-9.1.1629-150500.20.33.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.i586",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.i586",
"product_id": "gvim-9.1.1629-150500.20.33.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.i586",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.i586",
"product_id": "vim-9.1.1629-150500.20.33.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.i586",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.i586",
"product_id": "vim-small-9.1.1629-150500.20.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.1.1629-150500.20.33.1.noarch",
"product": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch",
"product_id": "vim-data-9.1.1629-150500.20.33.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"product_id": "vim-data-common-9.1.1629-150500.20.33.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"product_id": "gvim-9.1.1629-150500.20.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.ppc64le",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le",
"product_id": "vim-9.1.1629-150500.20.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"product_id": "vim-small-9.1.1629-150500.20.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.s390x",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x",
"product_id": "gvim-9.1.1629-150500.20.33.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.s390x",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.s390x",
"product_id": "vim-9.1.1629-150500.20.33.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.s390x",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x",
"product_id": "vim-small-9.1.1629-150500.20.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150500.20.33.1.x86_64",
"product": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64",
"product_id": "gvim-9.1.1629-150500.20.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150500.20.33.1.x86_64",
"product": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64",
"product_id": "vim-9.1.1629-150500.20.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"product_id": "vim-small-9.1.1629-150500.20.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gvim-9.1.1629-150500.20.33.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "gvim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-9.1.1629-150500.20.33.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-9.1.1629-150500.20.33.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150500.20.33.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150500.20.33.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150500.20.33.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150500.20.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Micro 5.5:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:vim-small-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gvim-9.1.1629-150500.20.33.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:gvim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-9.1.1629-150500.20.33.1.x86_64",
"openSUSE Leap 15.6:vim-data-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-data-common-9.1.1629-150500.20.33.1.noarch",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.aarch64",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.ppc64le",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.s390x",
"openSUSE Leap 15.6:vim-small-9.1.1629-150500.20.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:03:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
suse-su-2025:03240-1
Vulnerability from csaf_suse
Published
2025-09-16 19:57
Modified
2025-09-16 19:57
Summary
Security update for vim
Notes
Title of the patch
Security update for vim
Description of the patch
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
Patchnames
SUSE-2025-3240,SUSE-SLE-Micro-5.3-2025-3240,SUSE-SLE-Micro-5.4-2025-3240,SUSE-SUSE-MicroOS-5.1-2025-3240,SUSE-SUSE-MicroOS-5.2-2025-3240
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for vim",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for vim fixes the following issues:\n\nUpdate to version 9.1.1629.\n \n- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening\n specially crafted tar files (bsc#1246604).\n- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening\n specially crafted zip files (bsc#1246602).\n- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).\n- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3240,SUSE-SLE-Micro-5.3-2025-3240,SUSE-SLE-Micro-5.4-2025-3240,SUSE-SUSE-MicroOS-5.1-2025-3240,SUSE-SUSE-MicroOS-5.2-2025-3240",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03240-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03240-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503240-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03240-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041716.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246602",
"url": "https://bugzilla.suse.com/1246602"
},
{
"category": "self",
"summary": "SUSE Bug 1246604",
"url": "https://bugzilla.suse.com/1246604"
},
{
"category": "self",
"summary": "SUSE Bug 1247938",
"url": "https://bugzilla.suse.com/1247938"
},
{
"category": "self",
"summary": "SUSE Bug 1247939",
"url": "https://bugzilla.suse.com/1247939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53905 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53906 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53906/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55157 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55158 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55158/"
}
],
"title": "Security update for vim",
"tracking": {
"current_release_date": "2025-09-16T19:57:09Z",
"generator": {
"date": "2025-09-16T19:57:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03240-1",
"initial_release_date": "2025-09-16T19:57:09Z",
"revision_history": [
{
"date": "2025-09-16T19:57:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.aarch64",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.aarch64",
"product_id": "gvim-9.1.1629-150000.5.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.aarch64",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.aarch64",
"product_id": "vim-9.1.1629-150000.5.78.1.aarch64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"product_id": "vim-small-9.1.1629-150000.5.78.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.i586",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.i586",
"product_id": "gvim-9.1.1629-150000.5.78.1.i586"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.i586",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.i586",
"product_id": "vim-9.1.1629-150000.5.78.1.i586"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.i586",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.i586",
"product_id": "vim-small-9.1.1629-150000.5.78.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "vim-data-9.1.1629-150000.5.78.1.noarch",
"product": {
"name": "vim-data-9.1.1629-150000.5.78.1.noarch",
"product_id": "vim-data-9.1.1629-150000.5.78.1.noarch"
}
},
{
"category": "product_version",
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"product": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"product_id": "vim-data-common-9.1.1629-150000.5.78.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.ppc64le",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.ppc64le",
"product_id": "gvim-9.1.1629-150000.5.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.ppc64le",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.ppc64le",
"product_id": "vim-9.1.1629-150000.5.78.1.ppc64le"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.ppc64le",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.ppc64le",
"product_id": "vim-small-9.1.1629-150000.5.78.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.s390x",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.s390x",
"product_id": "gvim-9.1.1629-150000.5.78.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.s390x",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.s390x",
"product_id": "vim-9.1.1629-150000.5.78.1.s390x"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.s390x",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x",
"product_id": "vim-small-9.1.1629-150000.5.78.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "gvim-9.1.1629-150000.5.78.1.x86_64",
"product": {
"name": "gvim-9.1.1629-150000.5.78.1.x86_64",
"product_id": "gvim-9.1.1629-150000.5.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-9.1.1629-150000.5.78.1.x86_64",
"product": {
"name": "vim-9.1.1629-150000.5.78.1.x86_64",
"product_id": "vim-9.1.1629-150000.5.78.1.x86_64"
}
},
{
"category": "product_version",
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"product": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"product_id": "vim-small-9.1.1629-150000.5.78.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-data-common-9.1.1629-150000.5.78.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch"
},
"product_reference": "vim-data-common-9.1.1629-150000.5.78.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vim-small-9.1.1629-150000.5.78.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64"
},
"product_reference": "vim-small-9.1.1629-150000.5.78.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53905"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim\u0027s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53905",
"url": "https://www.suse.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "SUSE Bug 1246604 for CVE-2025-53905",
"url": "https://bugzilla.suse.com/1246604"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-53905"
},
{
"cve": "CVE-2025-53906",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53906"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim\u0027s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53906",
"url": "https://www.suse.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "SUSE Bug 1246602 for CVE-2025-53906",
"url": "https://bugzilla.suse.com/1246602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-53906"
},
{
"cve": "CVE-2025-55157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55157"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim\u0027s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55157",
"url": "https://www.suse.com/security/cve/CVE-2025-55157"
},
{
"category": "external",
"summary": "SUSE Bug 1247938 for CVE-2025-55157",
"url": "https://bugzilla.suse.com/1247938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55158"
}
],
"notes": [
{
"category": "general",
"text": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u0027s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55158",
"url": "https://www.suse.com/security/cve/CVE-2025-55158"
},
{
"category": "external",
"summary": "SUSE Bug 1247939 for CVE-2025-55158",
"url": "https://bugzilla.suse.com/1247939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.1:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.2:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.3:vim-small-9.1.1629-150000.5.78.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:vim-data-common-9.1.1629-150000.5.78.1.noarch",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.s390x",
"SUSE Linux Enterprise Micro 5.4:vim-small-9.1.1629-150000.5.78.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-16T19:57:09Z",
"details": "moderate"
}
],
"title": "CVE-2025-55158"
}
]
}
wid-sec-w-2025-1753
Vulnerability from csaf_certbund
Published
2025-08-10 22:00
Modified
2025-09-17 22:00
Summary
vim: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Vim (Vi IMproved) ist eine Weiterentwicklung des Texteditors vi.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Vim (Vi IMproved) ist eine Weiterentwicklung des Texteditors vi.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in vim ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1753 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1753.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1753 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1753"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3r4f-mm4w-wgg6 vom 2025-08-10",
"url": "https://github.com/vim/vim/security/advisories/GHSA-3r4f-mm4w-wgg6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5fg8-wvx3-583x vom 2025-08-10",
"url": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03240-1 vom 2025-09-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022546.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20696-1 vom 2025-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022575.html"
}
],
"source_lang": "en-US",
"title": "vim: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-09-17T22:00:00.000+00:00",
"generator": {
"date": "2025-09-18T07:02:00.657+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1753",
"initial_release_date": "2025-08-10T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-10T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-11T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv9.1.1400",
"product": {
"name": "Open Source vim \u003cv9.1.1400",
"product_id": "T045968"
}
},
{
"category": "product_version",
"name": "v9.1.1400",
"product": {
"name": "Open Source vim v9.1.1400",
"product_id": "T045968-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vim:vim:v9.1.1400"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv9.1.1406",
"product": {
"name": "Open Source vim \u003cv9.1.1406",
"product_id": "T045969"
}
},
{
"category": "product_version",
"name": "v9.1.1406",
"product": {
"name": "Open Source vim v9.1.1406",
"product_id": "T045969-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vim:vim:v9.1.1406"
}
}
}
],
"category": "product_name",
"name": "vim"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55157",
"product_status": {
"known_affected": [
"T002207",
"T045968"
]
},
"release_date": "2025-08-10T22:00:00.000+00:00",
"title": "CVE-2025-55157"
},
{
"cve": "CVE-2025-55158",
"product_status": {
"known_affected": [
"T002207",
"T045969"
]
},
"release_date": "2025-08-10T22:00:00.000+00:00",
"title": "CVE-2025-55158"
}
]
}
fkie_cve-2025-55158
Vulnerability from fkie_nvd
Published
2025-08-11 23:15
Modified
2025-08-12 18:49
Severity ?
Summary
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF46B6DF-7B68-4BDD-9789-1D58B0F80B6F",
"versionEndExcluding": "9.1.1406",
"versionStartIncluding": "9.1.1231",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim\u2019s internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406."
},
{
"lang": "es",
"value": "Vim es un editor de texto de l\u00ednea de comandos de c\u00f3digo abierto. En versiones desde la 9.1.1231 hasta anteriores a la 9.1.1406, al procesar tuplas anidadas durante las operaciones de importaci\u00f3n de scripts de Vim9, un error durante la evaluaci\u00f3n puede provocar una doble liberaci\u00f3n en la gesti\u00f3n interna de valores tipificados (typval_T) de Vim. En concreto, la funci\u00f3n clear_tv() puede intentar liberar memoria ya desasignada debido a una gesti\u00f3n incorrecta del tiempo de vida en las rutas de c\u00f3digo handle_import / ex_import. La vulnerabilidad solo se activa si un usuario abre y ejecuta expl\u00edcitamente un script de Vim especialmente manipulado. Este problema se ha corregido en la versi\u00f3n 9.1.1406."
}
],
"id": "CVE-2025-55158",
"lastModified": "2025-08-12T18:49:05.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T23:15:28.037",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/commit/9772025d24e939fd84b85748ce35c26874c05775"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/vim/vim/releases/tag/v9.1.1406"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-5fg8-wvx3-583x"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…