Multiple vulnerabilities have been discovered in Vim and gVim, the worst of which could lead to execution of arbitrary code. Affected packages Package app-editors/gvim on all architectures Affected versions < 9.1.1652 Unaffected versions >= 9.1.1652 Package app-editors/vim on all architectures Affected versions < 9.1.1652 Unaffected versions >= 9.1.1652 Package app-editors/vim-core on all architectures Affected versions < 9.1.1652 Unaffected versions >= 9.1.1652 Background Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Description Multiple vulnerabilities have been discovered in Vim, gVim. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround at this time. Resolution All Vim, gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.1.1652" All Vim, gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.1.1652" All Vim, gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.1.1652" References CVE-2025-53905 CVE-2025-53906 Release date January 26, 2026 Latest revision January 26, 2026: 1 Severity high Exploitable local Bugzilla entries 961498